How File Transfer Software Became the #1 Third-Party Breach Vector

SecurityScorecard reports that file transfer software has become the top exploited vector in third-party breaches in 2025, highlighting the MOVEit zero-day (CVE-2023-34362) and Cleo vulnerabilities (CVE-2024-50623, CVE-2024-55956) exploited by the C10p ransomware group; these campaigns accounted for a large share of vulnerability-driven third-party breaches and underscore the systemic supply-chain risk and need for vendor transparency, patching, and continuous vendor attack-surface monitoring.