Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The BlueVoyant SOC consistently monitors and analyzes threats within customers instances 24x7. One threat we have been tracking and observing has been a free-ware software known as RecipeLister. This software claims to provide users with the capabilities of viewing and downloading recipes in order to assist in the journey of staying healthy. While this capability was rather appetizing, we discovered there was more to be unpacked by this software.

As an enterprise organization leveraging Microsoft's comprehensive security ecosystem — including Sentinel, Defender XDR, Defender for Cloud, and Microsoft Security Copilot — you've established a robust security operation. However, the security landscape continuously evolves including your organization's changing business requirements and Microsoft's ongoing platform enhancements.

Look at any collection of top 10 organizational security concerns from recent years, and “third-party breaches” are consistently high on the list. These attacks have caused financial and reputational damage to every sector, from banks to healthcare systems to retail to governments. And the problem is growing. Recent statistics highlight just how severe the issue has become.

You've made the investment. Microsoft Defender XDR is deployed across your endpoints while Sentinel aggregates logs and generates alerts. Your security operations team completed initial training and familiarized themselves with the new tools. On paper, you have a modern security operation powered by Microsoft's robust security stack.

The UK retail sector currently stands at a crossroads where cyber security is not just a regulatory or operational obligation, but a cornerstone for success. As cyber threats continue to rise, understanding the impact of these threats and how they infiltrate the retail supply chain is vital for operational continuity.

A decade ago, the primary focus of TPRM was questionnaire management and distribution, usually done in a simple and manual way, relying on vendors to self-report on their security practices. Today the basic best practices of TPRM have grown to include continuous monitoring and other advanced AI-based capabilities like CVE alerting for third parties as elementary aspects of an effective program.

The recent publication of Gartner’s Market Guide For Third-Party Risk Management Technology Solutions (1) is especially timely as the percentage of cyber breaches involving third parties doubled over the past year to 30% according to Verizon’s 2025 Data Breach Investigations Report.