NIBS (credit image/Pixabay/Ryan McGuire)

This week saw several vendors trying to get out announcements ahead of RSA in San Francisco. The majority of security updates focused on the addition of some form of AI into product lines.

In other news, WSO2 formally announced its Ambassador Programme to recognise those in the community who are seen as champions of the product. The programme was first announced at WSO2Con in Barcelona. It is the first deliverable from Isabelle Mauny, Chief Developer Advocate at WSO2, who is keen to elevate the role of the developer.

Qualys has unveiled Policy Audit, an upgrade to its policy compliance solution. With the level of audits that organisations are subject to increasing year on year, anything that improves detection and speeds up remediation is good news.

Descope has launched its Agentic Identity Hub to address issues of authentication and authorisation of AI agents. It wants to address the challenge many organisations face with letting AI agents access and use applications. Among those challenges are being able to identify an agent and understand what rights and permissions it requires in order to complete tasks.

At NTT Upgrade 2025 in San Francisco, D-ID.com showcased its interactive AI video and avatar creation tool. With the internet awash with marketing companies offering tools to do similar jobs, how do you stand out? Having watched a demo of the tool, Enterprise Times editor Ian Murphy was left with a number of questions. Among them, how do you prevent this from being used to create digital fakes?

BlueVoyant

BlueVoyant has expanded its operations into Japan. The company has been building its Japanese team and investing locally for some time. Now it will bring its Microsoft expertise and partnership to Japan. BlueVoyant has signed a reseller agreement with Marubeni I-DIGIO Group, a subsidiary of Marubeni, one of Japan’s largest trading companies.

ENCS

ENCS submitted feedback to the Commission on the Cyber Resilience Act technical description of the categories of important and critical products with digital elements. Although the response was on the 15th April, ENCS didn’t make any public statement on it until this week.

In its response, it said, “As a member organization representing 29 distribution and transmission system operators in Europe, ENCS is concerned about the possible impact of two of the definitions of critical products on the electricity sector. For smart meter gateway, the current definition does properly reflect the implicit definitions used in the sector.

“Our only concern is that the definition is complex and hence may be read in different ways. In our comments, we propose a rephrasing to remove the ambiguity. For the hardware devices with security boxes, we are concerned that the current definition is too broad.

“Most products that include countermeasures against physical attacks seem to fall under the proposed definition. This includes many products that are not currently covered under certification schemes such as EUCC, and that do not pose a critical risk to essential entities under NIS 2 if they are compromised through a physical attack.

“We think the proposed definition needs to be refined to incorporate these properties that critical products should have according to point (46) in the CRA recitals.”

eSentire

eSentire reacted to SAP disclosing a maximum severity vulnerability impacting SAP NetWeaver systems. CVE-2025-31324 (CVSS: 10) is a missing authorization vulnerability found in SAP NetWeaver (Visual Composer development server), version 7.50. There is already confirmation that the CVE is being actively exploited.

eSentire announced what actions it was taking, and provided advice to SAP NetWeaver customers on what they should do.

FBI

The FBI has released its 2024 IC3 (Internet Crime Complaint Center) Report. It shows that 2024 set a new record for losses reported to IC3, totalling a staggering $16.6 billion. Fraud represented the bulk of reported losses in 2024, and ransomware was again the most pervasive threat to critical infrastructure. Complaints about it rose 9% from 2023. As a group, those over the age of 60 suffered the most losses and submitted the most complaints.

ManageEngine

ManageEngine announced the appointment of Subin George, a seasoned technology leader with over two decades of experience, as its new regional business director for Latin America and the Iberia region. In his new role, he will oversee all operational activities in these markets. His relocation to Colombia represents a strategic move to strengthen ManageEngine’s presence and showcase the company’s continued commitment to the region’s growth.

noyb

noyb has filed a complaint against the French video game developer and publisher Ubisoft. The company forces its customers to connect to the internet every time they launch a single-player game. This is the case even if the game doesn’t have any online features. This allows Ubisoft to collect people’s gaming behaviour, including when you play, how long you play and when you stop.

When challenged, Ubisoft wouldn’t say why it needs the information. There is no valid legal basis to gather such user data under Article 6(1) of the GDPR. As such, noyb has made a complaint to the Austrian data protection authority (DSB).

US Department of Justice

A federal grand jury in Florence, South Carolina, has indicted three men for laundering millions of dollars of proceeds from drug trafficking. The three accused are Nasir Ullah, Naim Ullah, and Puquan Huang.

Matthew R. Galeotti, Head of the Justice Department’s Criminal Division, said, “As alleged in the indictment, the defendants laundered tens of millions of dollars in drug proceeds from the United States through China and the Middle East, enabling a continuous flow of fentanyl and other dangerous drugs into our country from Mexico.

“Dismantling transnational criminal organizations and Chinese Money Laundering Organizations that support them is a critical priority for the Department. Alongside DEA and our local law enforcement partners, we will continue to prosecute the financial networks that fuel illegal drug trade and profit from the sale of deadly substances.”

Vaultree

Vaultree has appointed David Currie as its new CEO. Previously an advisor to the Vaultree board for four years, David is an incredibly accomplished cybersecurity professional with a strong background in information security and risk management, and a wealth of leadership experience in highly technical organizations.

Currie was previously the Chief Information Security Officer at Nubank, CISO at Klarna, and Group CISO at Hong Kong Exchanges and Clearing Limited.

Ryan Lasmaili, the newly appointed Chief Strategy Officer (CSO) at Vaultree, says: “David has a deep understanding of encryption and has built technical engineering teams responsible for developing cryptographic products. As a result, he is one of the most encryption-savvy CISOs in the market today.”

Security news from the week beginning 14 April 2025
