Feed aggregator

• Apple's Password App has been patched after a vulnerability was discovered
• The flaw left users exposed for three months, experts claim
• Users were at risk of social engineering attacks

A bug in the iOS 18.2 Passwords app which left users vulnerable to phishing attacks for over three months after its release, has been fixed, according to an update from Apple.

The flaw was discovered after security researchers at Mysk noticed that their device’s App Privacy Report showed the Passwords App had contacted 130 different websites over insecure HTTP traffic.

The app used the HTTP protocol instead of a more secure HTTPS when opening links and downloading app icons. Upon further investigation, the researchers found that the app also defaulted to opening password reset pages with the unencrypted protocol. This left users vulnerable as an attacker “privileged network access could intercept the HTTP request and redirect the user to a phishing website,” the researchers told 9to5Mac.

Patch now

The risk in this attack is that cybercriminals will use the vulnerability to carry out social engineering attacks by redirecting victims to insecure websites.

The Password app will now use HTTPS for all connections by default - so ensure your Apple devices are all updated and using iOS 18.2 or later.

Research has shown security attacks on password managers have soared in recent months, with reports finding a threefold increase in malware that targets credentials in password stores.

The attacks are also growing in sophistication , with cybercriminals prioritizing “complex, prolonged, multi-stage attacks” delivered with an all-new generation of malware. This new malware, like infostealers, comes with more persistence, stealth, and automation.

The best, and most secure, password manager tools will safely store, generate, and crucially autofill your website and app passwords. These can help you create and manage your unique and strong passwords without the hassle of having to remember each one.

You might also like

• Take a look at our picks for the best password generators around
• Check out our choice for best antivirus software
• How phishing attacks are hitting the supply chain – and how to fight back

• McAfee's researchers find a "cocktail" of malware hiding behind fake DeepSeek apps
• The campaign preys on people searching for the generative AI tool
• Infostealers, crypto miners, and more, are being deployed this way

The hype around DeepSeek is the next big thing cybercriminals are exploiting in their hacking campaigns, researchers from McAfee Labs are saying.

The team has outlined how they saw cybercriminals setting up various websites, offering different versions of DeepSeek for download. Victims would reach these websites through search engines, meaning that some SEO poisoning was involved in the campaign, as well.

When they reach the websites and download the software, the victims are infected with a “cocktail of malware”, ranging from keyloggers and password stealers, to coin miners. These malware variants can steal sensitive information (including banking credentials and cryptocurrency wallet information), and can force the infected computer to mine cryptocurrency, rendering it useless for pretty much anything else.

Fake CAPTCHA

While on some websites, the victims are invited to download a DeepSeek app or program, on others - the devil is in the CAPTCHA.

In some cases observed by McAfee, victims would visit a website with a CAPTCHA that can be “solved” by copying and pasting a command into the Run program on Windows. This command just downloads and runs a malware dropper.

To stay safe, you should stay vigilant at all times. Instead of “googling” for something, visit the website directly, and if you don’t know the address, scrutinize every link returned by the search engine.

Furthermore, a real CAPTCHA will never ask you to paste a command into the Run program.

Hackers are known for tapping into current trends to distribute malware. Similar campaigns were observed when Chat-GPT was first released, both for Windows and Android.

Major events, such as Black Friday and Cyber Monday, the Olympic Games, World Cup, and others, have all been abused in the past. The Covid-19 breakout, Russo-Ukrainian war, and the US presidential elections, all served as platforms for information theft, malware distribution, and wire fraud.

You might also like

• Hackers claim Orange attack, threaten to leak 1TB of data
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

The Pixel 9A joins the family with a better battery and a svelte profile with less impressive cameras.

KontrolFreek has given us an exclusive early look at its latest special edition controller accessory, the Call of Duty Performance Thumbsticks Speed Cola Edition.

A successor to the popular Deadshot Daiquiri Edition released late last year, these thumbsticks boast a unique design inspired by the world of Call of Duty: Black Ops 6 zombies.

They feature a proprietary rubber material in a charming bright green shade with a distinct laser-etched pattern based on the emblem for the in-game Speed Cola power-up.

You get two thumbsticks in the box, a standard mid-rise version designed for your controller's left thumbstick and a taller high-rise one that you can attach to the right thumbstick for increased precision and more accurate aiming.

Image 1 of 8

(Image credit: KontrolFreek)Image 2 of 8

(Image credit: KontrolFreek)Image 3 of 8

(Image credit: KontrolFreek)Image 4 of 8

(Image credit: KontrolFreek)Image 5 of 8

(Image credit: KontrolFreek)Image 6 of 8

(Image credit: KontrolFreek)Image 7 of 8

(Image credit: KontrolFreek)Image 8 of 8

(Image credit: KontrolFreek)

The product comes in special packaging too with a collectible can that would look right at home on any gamer's shelf. It even includes a code for a limited weapon charm in Black Ops 6 which could be worth the price of admission alone for the most dedicated fans.

KontrolFreek thumbsticks remain a popular choice among more serious Call of Duty players and, having used them frequently over the last year, I can attest that they do actually make a difference to your in-game performance. Given the relatively low asking price of many models, there's no reason not to give them a try and see if they work for you.

If you're keen to get your hands on this latest release, the Call of Duty Performance Thumbsticks Speed Cola Edition launches on March 20, 2025. Xbox and PlayStation versions will be available today via the official KontrolFreek website for $29.99 / £29.99.

You might also like...

• Salute for the Thumb Soldiers, versatile thumbstick add-ons that offer variety, increased control, and greater accessibility
• Exoborne is on track to be the most approachable extraction shooter on the market, but will that be enough for it to succeed?
• Call of Duty: Black Ops 6 Season 3 gets two-week delay, will now release in April

Most Louisianans no longer speak French, but a growing number of schools are now immersing kids in it. At École Pointe-au-Chien, the focus is on teaching local French dialects first.

(Image credit: Aubri Juhasz)

Author Gary Rivlin says regulation can help control how AI is used: "AI could be an amazing thing around health, medicine, scientific discoveries, education ... as long as we're deliberate about it."

• House of David has been renewed for a second season on Prime Video.
• The historical drama brought in 22 million viewers in its first 17 days.
• Season 2 will follow David's rise to the throne after his battle with Goliath.

Prime Video has renewed the historical drama House of David for a second season ahead of its series finale on April 3.

House of David, which launched with three episodes on February 27, attracted 22 million viewers in its first 17 days of streaming and claimed the second spot in Prime Video's top 10 shows list, falling behind Reacher season 3.

With a growing library of historical dramas, Prime Video is becoming one of the best streaming services for religious TV shows. Its sprawling library has the likes of The Chosen, a hugely successful series that dramatizes the life of Jesus Christ. With a 60% Rotten Tomatoes score from the critics, House of David doesn't make it onto our best Prime Video shows list. However, it's clearly been a huge hit among audience given its staggering results.

Show creators Jon Erwin and Jon Gunn said of the renewal: “We are humbled by the extraordinary reaction this show has earned from the faith audience worldwide. Thanks to them and our partners at Prime Video and Amazon MGM Studios, Wonder Project will bring more of the Bible and this epic saga to a global audience. Congratulations to our incredible cast and crew.”

What is House of David season 2 about?

The biblical epic tells the story of David (Michael Iskander), a teenage outcast who is anointed the new king of Israel as the once-mighty King Saul (Ali Suliman) falls victim to his own pride and begins to lose power.

House of David season 2 follows David's rise to the throne in the aftermath of his battle with Goliath (Martyn Ford). As he navigates palace politics, his family's jealousy and a growing romance, David learns what it means to become a great leader.

Vernon Sanders, head of television at Amazon MGM Studios shared: “Jon Erwin and Jon Gunn’s compelling creative vision has solidified our belief in the series and we are excited to deliver more of the story to our customers. We look forward to a continued journey with Wonder Project as we further expand our slate to encompass faith-based series.”

You might also like

• The Wheel of Time season 3 is Prime Video's #2 show – here are 3 more fantasy series with over 85% on Rotten Tomatoes
• I'm rewatching We Are Newcastle United on Prime Video after my club's exhilarating Carabao Cup win
• 5 new Prime Video movies with over 90% on Rotten Tomatoes I think you should stream in March

Israel's military launched a new ground offensive in Gaza, sending troops into areas they retreated from during a two-month ceasefire. This comes a day after airstrikes killed more than 400 people.

(Image credit: Jack Guez)

• Kape Technologies, owner of ExpressVPN, has announced a wave of redundancies at the VPN firm
• The total number of redundancies remains unconfirmed
• This comes weeks after major updates to its proprietary Lightway WireGuard protocol

ExpressVPN has announced a round of redundancies in an official statement.

This is the second time the Kape Technologies-owned company has taken the axe to its workforce in two years after it shed 12% of its staff in July 2023.

According to Tom’s Guide, ExpressVPN has not specified the number of jobs lost, so far, with the statement only reading that the company has taken the “difficult decision to reduce the size of our workforce".

The statement does not mention any cuts at either Private Internet Access (PIA) or CyberGhost – two VPNs also under the Kape umbrella.

ExpressVPN is still currently advertising several job openings in both Engineering and Security on the company website, as well as in Marketing and Accounting & Finance. So, how significant this is as signs of trouble ahead for this VPN service is hard to gauge.

(Image credit: ExpressVPN)

Indeed, ExpressVPN recently released significant updates to its VPN protocol, Lightway, alongside major updates to its Linux app earlier this month. The company also entered the eSIM market with the launch of holiday.com back in December.

There also seem to be plenty of funds in the marketing coffers with ExpressVPN announcing a partnership with Tottenham Hotspur Football Club as the official Digital Privacy Partner in November.

ExpressVPN places third in TechRadar's best VPN guide at the time of writing. It topped those charts for several years until the beginning of 2024 when NordVPN was named best VPN.

ExpressVPN slipped further later that year when Surfshark climbed to second.

We look forward to re-testing ExpressVPN in the coming months to see how its Lightway protocol has improved and whether its bid to be the fastest VPN on the block has received a boost from Lightway Turbo.

You may also like

• Tech layoffs: popular cybersecurity firm cuts around 200 staff
• What's new in Lightway 2.0?
• Can fast be faster? ExpressVPN promises it's possible

Executive orders from President Trump have agencies across the government scrubbing websites of photos and references to transgender people, women and people of color.

(Image credit: Tara Anand for NPR)

• Nanoleaf has launched a new lighting strip that syncs with your monitor
• It could provide an immersive boost to Mac gamers
• Apple has also patented a Magic Mouse with haptic feedback

Things have been looking up for Mac gamers in recent years, with Apple launching increasingly powerful hardware and AAA games coming to the company’s computers in increasing numbers. Now, there are a few new reasons why Mac gaming could be getting a touch more immersive.

The first is that Nanoleaf has just launched the PC Screen Mirror Lightstrip, which is a lighting strip for Mac and PC desktop monitors that provides rainbow effects for an immersive experience while gaming, listening to music, or watching TV shows and movies.

The strip connects to your computer over USB-C and needs to be paired using Nanoleaf’s desktop app. Once that’s done, its lights can actively match what is happening on your screen, providing a backlighting effect that extends the on-screen colors to your surroundings.

Nanoleaf’s Lightstrip costs $49.99 and can be pre-ordered from the company’s website. It’ll start shipping at the end of March.

Apple patent points to a haptic gaming Magic Mouse

(Image credit: Kaboompics.com / Pexels)

While Nanoleaf’s latest product is available to order now, there’s another idea that could give Mac gamers a boost that’s a little more experimental, and it comes in the form of a freshly uncovered patent (via Patently Apple).

The patent describes how a future Magic Mouse could be embedded with haptic sensors that mimic the effects of on-screen action. For example, it could enable you to feel the texture of moving through sand or sliding on ice, providing a much more immersive gaming experience.

Right now, Apple’s Magic Mouse is poorly suited to gaming due to its slippery top surface, unergonomic shape, and lack of customizable buttons. While the ideas discussed in the patent might help make it more viable for gaming, it will need a more wide-ranging overhaul before it becomes gamers’ pointer of choice. That said, the idea of a mouse embedded with haptic sensors could equally apply to creative and productivity tasks, so there’s a degree of flexibility here.

Being a patent, we don’t know when – or if – this will ever come to fruition. But it’s interesting to imagine how it could benefit Mac gamers and productivity lovers alike.

You might also like

• Best Mac games 2025 - the best Apple-friendly gaming experiences you can get
• The best smart lights 2025: light up your life with smart bulbs and lamps
• Good news! Apple finally redesigns the Magic Mouse with USB-C! Bad news! The charging port is still on the bottom

• California Cryobank confirmed suffering a data breach in 2024
• Social Security numbers, driver's license numbers and more were stolen
• The company is offering credit monitoring services to some customers

One of the largest sperm banks in the United States has suffered a cyberattack in which it lost sensitive customer data.

California Cryobank confirmed the news in a filing with the Maine Office of the Attorney General, as well as in a data breach notification letter being sent out to affected individuals.

In the notification letter, the company said that it detected suspicious activity on its network on April 21, 2024, and isolated potentially affected devices from the network.

What about Donor IDs?

"Through our investigation, CCB determined that an unauthorized party gained access to our IT environment and may have accessed and/or acquired files maintained on certain computer systems between April 20, 2024 and April 22, 2024," the letter says.

California Cryobank is a sperm and egg bank that provides reproductive services, including sperm donation, egg freezing, and genetic screening. It is among the largest sperm banks in the United States, offering a diverse range of donors and services, and operating in all 50 states and more that two dozen countries around the world.

A more thorough investigation, which lasted almost a year, CCB concluded that different personal data was exposed for customers, such as names, bank accounts and routing numbers, Social Security numbers, driver's license numbers, payment card numbers, and/or health insurance information. It did not say how many people were affected.

It is unclear if donor information, such as donor ID numbers, was stolen in the attack, as well. When a person donates sperm, they are assigned an ID number, and their identity remains hidden until the child turns 18 and decides to learn more about their biological father. Leaking ID numbers could be a major privacy concern.

The company has offered a year’s worth of credit monitoring to people whose Social Security numbers and driver’s license numbers were exposed in the attack.

Via BleepingComputer

You might also like

• Hackers claim Orange attack, threaten to leak 1TB of data
• We've rounded up the best password managers
• Take a look at our guide to the best authenticator app

The $499 Pixel 9A shares many features with its pricier counterparts. So what does that lower price include -- and exclude?

The deal's good for a year and you can watch March Madness games, School Spirits, Yellowjackets and more on the streaming service.

• Qualcomm has announced the Snapdragon G Series of gaming processors
• They're primarily market for mobile and cloud gaming
• The most powerful of the lineup is capable of ray tracing and 1440p at 144Hz

Qualcomm has announced its new lineup of Snapdragon G series processors for the handheld market.

Announced in an official blog post, the Snapdragon G Series is made up of three different platforms: the Snapdragon G3 Gen 3, Snapdragon G2 Gen 2, and the Snapdragon G1 Gen 2.

The company claims its latest chips are "designed with gamers in mind" to "deliver sustained graphics performance on handheld, dedicated devices". It promises "high-fidelity graphics" with "incredible ergonomics" for those wanting their mobile games at their best.

As the naming conventions may elude to, the Snapdragon G3 Gen 3 is said to be the most powerful of the lineup, made for the "most demanding cross-platform gaming titles" whereas the Snapdragon G2 Gen 2 is instead primarily marketed for "cloud games across major ecosystems".

This is backed up by the technical specifications of the Snapdragon G3 Gen 3, which feature an eight-core Qualcomm Kyro CPU, Adreno A32 graphics (including ray tracing functionality), Wi-Fi 7, Bluetooth 5.3, and support for 1440p at 144Hz.

The Snapdragon G2 Gen 2 is similarly powerful, with the same eight-core Qualcomm Kyro CPU, but it features Adreno 22 graphics instead, with the same connectivity standards and output options.

Things only get more mainstream when analyzing what the Snapdragon G1 Gen 2 can do. Despite having the same eight-core processor as the others, six of its total cores are efficiency, with only two dedicated to performance.

Similarly, it has weaker Adreno A12 graphics, and only support for Full HD (1080p) at 120Hz with Wi-Fi 5 and Bluetooth 5.1. It's safe to say this could be the chip found in cloud gaming devices that do not require the same level of horsepower.

Some of its partners running the new chips include AyaNeo, OneXSugar, and Retroid Pocket, among others, as the hardware is primarily geared towards Android and cloud gaming performance rather than native rendering. However, given the prowess of the leading chip, that could change depending on who adopts the silicon.

A step forward for mobile gaming hardware

Qualcomm has had great success over the past year since its Snapdragon X Elite line, powering some of the best laptops and best ultrabooks, famed for their snappy performance and long battery lives when compared to traditional x86 alternatives. The company now seems in a position to take on some of the biggest processors from rivals, such as AMD's Z1 and Z2 chips that you'll find in some of the best gaming handhelds.

We may not see a similar level of compatibility and performance with Windows or SteamOS machines, but for what they are, the Snapdragon G Series could still be a viable alternative. Some handhelds hitting the market have already impressed featuring the Snapdragon G3 Gen 3 chip, like the AyaNeo Pocket S2, which is said to elevate Android gaming without the usual trappings of getting warm (via PCMag).

Just as Windows on Arm has evolved since it launched and was iterated upon as the big x86 alternative, the Snapdragon G Series could be the thing to push more handheld gamers into the arms of dedicated cloud-based and Android machines if the battery lives, displays, and ergonomics can outmatch what current-generation handheld PCs can do.

Competition is always a good thing as it pushes companies to continue innovating and improving on tech instead of stagnation, something the portable scene has been in danger of for years now. Will the Snapdragon G Series be enough to frighten AMD and Intel? It's not clear yet, but we've seen Qualcomm muscle in on their territory with its laptops, so why couldn't handhelds be next?

You may also like...

• What is Meta AI? Everything you need to know
• Windows 11 could help you understand how fast your PC is
• It's not looking good for AMD's Medusa Point APUs

The decision offers a venue compromise in the bellwether case, while Khalil's legal team seeks to release him from detention and block his deportation.

(Image credit: Selcuk Acar)

Over 400 actors, writers and directors signed an open letter outlining serious concerns about copyrights amid big tech's AI ambitions.

With rising utility bills and the increasing cost of living, consumers need more support than ever—especially the most vulnerable. Acknowledging vulnerability isn’t enough; organizations must take action to ensure no one falls through the cracks.

Recent research from Focal Data highlights a growing number of UK adults who are either already in or on the verge of vulnerable situations. However, there is encouraging news: awareness is increasing, particularly among younger generations, and organizations now have clear, actionable guidance on providing meaningful support.

As consumer vulnerability evolves, technology leaders are crucial in driving solutions that ensure no customer is left behind. Their responsibility extends beyond deploying new tools; it involves strategically integrating AI to help customer service teams deliver scalable, empathetic, and effective support.

Additionally, as sectors such as financial services, utilities, and retail face increasing regulatory scrutiny and ethical concerns around data and AI usage, technology leaders must provide guidance to ensure compliance and responsible AI deployment.

35 million UK adults are potentially vulnerable

The Financial Conduct Authority (FCA) identifies four key drivers of vulnerability, a framework that extends beyond financial services and helps organizations understand the complexities behind consumer vulnerability:

1. Health issues (mental and physical illness)

2. Life events (including bereavement and job loss)

3. Low resilience (the inability to withstand financial or emotional shock)

4. Low capability and confidence (in dealing with financial matters)

Based on these criteria, the Focal Data research estimates that 35 million UK adults—approximately two-thirds of the adult population—are potentially vulnerable. Despite this, only 19% of those affected self-identify as vulnerable, and 34% of consumers would be uncomfortable disclosing mental health challenges.

Delivering support at this scale is an immense challenge, made even more difficult by low awareness and reluctance to discuss vulnerability. Many organizations believe they have sufficient processes in place to support vulnerable customers. Yet, when examined closely, the reality is quite different. On average, only around 3% of calls are screened for vulnerable customer support, and even fewer are routed to appropriate processes. This stark gap exposes many organizations to regulatory risks and, more importantly, leaves vulnerable customers without the support they need.

Younger adults show greater self-awareness, yet pressure remains

There is, however, some hope. Younger adults, particularly those under 34, are leading the way in self-awareness, with 31% identifying as vulnerable. This increased self-awareness is a promising step toward more open communication about financial and personal struggles.

However, organizations cannot rely on self-identification alone. This puts undue pressure on customer service advisors to recognize vulnerability based solely on soft skills and single interactions. Advisors are expected to identify a customer’s vulnerability while simultaneously searching for accurate information, leading to potential bias and missed signs. For example, a customer displaying subtle signs of stress may be perceived as just another frustrated caller rather than someone in genuine distress. Relying solely on human judgment to identify vulnerability is neither scalable nor sufficient.

Energy and utilities remain the top source of financial pressure

Financial pressures, particularly rising energy and utility costs, weigh heavily on UK households. A troubling 35% of potentially vulnerable consumers anticipate reducing or stopping their heating and hot water usage in 2025 due to financial strain.

With financial difficulties impacting consumers across all demographics, organizations—especially energy providers—must adopt solutions that build customer confidence and help consumers easily access critical information.

Vulnerable consumers are choosing digital support

Vulnerable consumers are increasingly turning to digital channels for support. Over a third (37%) prefer organizations to invest in improved digital services, such as AI-powered chatbots, over traditional in-person support, surpassing the general population’s demand (33%).

Digital channels provide an added layer of anonymity, which can be especially empowering for vulnerable individuals hesitant to discuss sensitive issues face-to-face. This presents a significant opportunity for organizations to leverage intelligent solutions that help customers resolve their issues efficiently and accurately.

AI and automation: the key to scalable, compassionate support

With a growing number of consumers at risk, outdated manual processes can’t keep up. Supporting vulnerable consumers at scale requires innovation. AI and automation can transform how organizations detect and respond to vulnerability, ensuring no one is left behind.

AI-driven solutions can analyze every customer interaction across voice and digital channels, detecting vulnerability in real-time based on language cues, sentiment, and behavioral patterns. This allows for timely intervention and ensures that customers receive the right support when they need it the most.

AI-powered chat services must go beyond surface-level interactions. Smart escalation pathways ensure that vulnerable consumers receive appropriate follow-up, whether through specialist advisors or seamless context capture—eliminating the need for customers to repeat distressing details.

However, AI insights are only valuable if they empower frontline advisors. Real-time AI guidance can equip agents with instant, tailored recommendations—whether offering alternative payment plans, government assistance, or mental health support options. This ensures that customers receive compassionate, personalized service without the risk of bias or oversight.

What’s more, by automating workflows, organizations can ensure vulnerable customers are always routed to the correct resources, specialist teams, or dedicated processes—minimizing the risk of anyone falling through the cracks.

The future of vulnerable customer support

Vulnerability is a human challenge, but technology is needed to solve it at scale. AI doesn’t just detect vulnerability—it enables organizations to move beyond recognition, delivering proactive, personalized, and truly supportive experiences.

For technology leaders, the message is clear: AI and automation must be embedded at the core of customer support strategies. By working closely with customer service, technology leaders can ensure that every consumer, especially the most vulnerable, receives the support they need with dignity, efficiency, and care.

We've featured the best help desk software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

In a shaky economy, CDs are a safe bet.

Today’s organizations rely on an extensive network of third-party vendors, partners, and service providers to enhance operations and fuel innovation. Whether leveraging cloud services, supply chain partners, or outsourced IT solutions, these external dependencies introduce complex cybersecurity risks.

The 2024 Change Healthcare cyberattack exemplified the devastating consequences of a third-party vulnerability, exposing the personal and medical information of nearly 190 million individuals—the largest healthcare data breach on record. This incident underscored how deeply vulnerabilities in a single third-party provider can ripple across entire industries, exponentially expanding attack surfaces and amplifying the consequences of a single security failure.

The escalating threat of third-party cyber risks

One year after the Change Healthcare cyberattack, third-party breaches continue to dominate headlines, with new incidents emerging almost monthly. In January, government IT contractor Conduent suffered a cyberattack due to a third-party system compromise on an operating system. The following month, Grubhub disclosed a data breach after detecting unusual network activity linked to a compromised third-party service provider. These incidents are not isolated; they reflect a growing trend where cybercriminals exploit a single point of entry to infiltrate one or more organizations' entire digital supply chain.

The repercussions of a third-party cyberattack extend far beyond immediate operational disruptions. They erode customer trust, trigger scrutiny from officials, and result in significant financial losses. The evolving threat landscape coupled with businesses expanding their reliance on external vendors increases the potential for third-party security failures, making it imperative for organizations to rethink their approach to vendor risk management. Third-party risk management (TPRM) is no longer a compliance exercise, it is a business-critical function requiring continuous oversight and modernization.

The shortcomings of traditional TPRM approaches

Historically, organizations have relied on manual assessments to evaluate third-party risks, often involving lengthy security questionnaires, periodic audits, and contractual agreements outlining cybersecurity expectations. While these measures establish a baseline for vendor security, they are largely static and offer little real-time insight into evolving threats. As cybercriminals become more sophisticated and exploit new vulnerabilities within days of being discovered, a point-in-time assessment is no longer sufficient.

The increasing volume of vendor relationships further complicates manual risk management. Security teams are often overwhelmed by the sheer number of third parties they must monitor, leading to inefficiencies, delays, and gaps in visibility. Traditional approaches rely on periodic assessments that provide only a snapshot, leaving organizations blind to threats that can emerge between evaluations.

Without continuous oversight, security gaps can go undetected until it’s too late. Addressing these shortcomings requires a shift from manual, reactive processes to automation-powered security operations, where real-time monitoring and AI-driven analytics provide the agility needed to stay ahead of evolving threats.

How AI and automation-driven security is transforming TPRM

AI and automation should not replace human decision-making; but rather augment it, empowering security teams with the tools and information needed to make better, faster, and more informed choices. A well-implemented AI and automation-powered strategy reduces operational fatigue, optimizes resource allocation, and ensures organizations stay ahead of evolving cyber threats rather than constantly playing catch-up. By automating TPRM, organizations can shift from passive risk management to proactive threat prevention.

Unlike traditional risk assessments that provide a static view of a vendor’s security posture, automation and AI can continuously monitor third-party networks, applications, and behaviors to identify anomalies and provide real-time visibility of external threat environments. AI-based third-party risk detection can also help organizations progress beyond known, rule-based security risk detection to a more heuristic detection capability.

While the risk of AI hallucinations and associated false positives can still be an issue, this is an emerging field for detecting software and network vulnerabilities that should not be overlooked. This proactive approach helps organizations move away from reactive security models, allowing them to address risks before they become crises.

Automation further strengthens incident response. When a security event occurs within a third-party environment, automation platforms accelerate containment by instantly analyzing the breach, assessing its impact, and triggering efficient notification of the appropriate practitioners which can be used to engage response protocols quickly and accurately. This rapid intervention significantly reduces dwell time, limiting the potential damage caused by an attack.

An automation platform with robust case management capabilities and highly customizable playbooks provides a centralized location for storing valuable information about TPRM-associated tasks, detections, software in use in the organization, asset criticality, and more. This helps not only in the defense of an environment but also can be leveraged for compliance audit readiness or demonstrating to insurers and stakeholders what measures have been taken to manage third-party risk.

The time for action Is now

Third-party data breaches, such as the recent GrubHub cyberattack, act as a wake-up call for organizations to prioritize proactive security measures. Cybercriminals will continue targeting external providers as a backdoor into organizations, reinforcing the need for a proactive, AI-enhanced approach to TPRM.

By integrating AI and automation-driven security operations, organizations can achieve real-time monitoring, automated threat detection, and rapid incident response, detecting anomalies before they escalate into full-scale breaches. In an era where cyberattacks are inevitable, resilience is built on preparedness. The time for action is now before your organization becomes the next headline.

We've featured the best business VPN.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro