Security Teams Need To Focus On Vendor Email Compromises
SC Media, Tuesday, August 5th, 2025
Most people think of cyberattacks as complex, technical breaches: Malware. Ransomware. Exploits.
But often, the most successful attacks are simple-they're the text-based emails that get read, replied to, and acted on. And increasingly, they're not coming from someone pretending to be a CEO, like the gift card scams of the past. They're coming from another trusted entity: the supply chain.
Threat intelligence from our team confirms what I've seen in the field: vendor email compromises (VECs) have become the attack vector no one wants to talk about, but everyone needs to understand.