This round-up covers the two weeks starting 28th April. It’s been a busy and chaotic two weeks with RSA and many other conferences. No surprise, therefore, that the primary topic over that period has been the rise of AI and the increasing number of cyberattacks.
In other news, Qualys has expanded its invite-only managed Risk Operation Management (mROC) Partner Alliance. The result has been a number of its Managed Service Partners (MSPs) embracing its strategy to help customers better manage risk. Its ROC strategy puts risk on a par with the Security Operations Centre (SOC), giving security teams a comprehensive way of addressing cyber risk and cybersecurity.
Matt Middleton-Leal, managing director of EMEA North and South at Qualys, explains the importance of the Risk Operations Centre (ROC) in this podcast. Organisations, including MSPs, are very familiar with Security Operations Centres (SOC). They enable organisations to identify when a security incident has happened, enabling them to respond quickly on behalf of a customer.
Takashi Goto, Senior Vice President, Strategy at NTT Research, Inc. and Fang Wu, Vice President, Business Development at NTT Research, Inc., talk about Attribute-Based Encryption in this podcast recorded at NTT Upgrade in San Francisco last month.
At Appian World in Denver, Colorado, the company stepped up its approach to developers with its first-ever DevCon. It gave the company an opportunity to focus on all its new products coming up. Some of those will be GA in 25.2, which will be available in June, and others are entering open beta. There were plenty of QR codes for people to click on to get on those beta programmes.
Also at Appian World in Denver, Colorado, the company unveiled more information about new products and its upcoming 25.2 release. Among those announcements are Agent Studio, intelligent document processing in AI Document Center, and smart search. It has also said that Gen AI agents can be used in Autoscale, allowing customers to deploy more of them.
Expereo has published findings in a survey it commissioned from IDC in an IDC Infobrief: Enterprise Horizons, 2025. The report is based on a survey of 650 technology leaders across the UK, Europe, the US and APAC. It analyses the challenges that technology leaders face in building a resilient and competitive organisation in the age of AI.
360 Privacy
360 Privacy won Hot Company in the Digital Executive Protection category from Cyber Defense Magazine (CDM). Adam Jackson, founder and CEO of 360 Privacy, said, “This recognition from Cyber Defense Magazine validates our mission to provide 360 coverage across the attack surface and bridge the critical gap between cybersecurity and physical security.
“In today’s increasingly complex threat landscape, protecting executives’ digital footprints is no longer optional—it’s essential. Our team combines human expertise with proprietary technology to deliver comprehensive protection that traditional security approaches can’t match. We’re honored to be recognized among the industry’s most innovative companies and remain committed to staying ahead of tomorrow’s threats.”
BlueVoyant
BlueVoyant subsidiary, 202 Group, dbaBlueVoyant Government Solutions, made a joint announcement with Carahsoft. The two companies have made BlueVoyant’s AI-driven supply chain risk management (SCRM) platform available on the U.S. General Services Administration’s (GSA) Supply Chain Risk Illumination Professional Tools and Services (SCRIPTS) Blanket Purchase Agreement (BPA).
The deal is said to be worth $919 million over 10 years. It provides the Department of Defense (DoD) and other branches with streamlined access to BlueVoyant’s comprehensive Supply Chain Defense for Government (SCD-G) platform
BlueVoyant launched its Continuous Optimization for Microsoft Security (COMS) offering. COMS improves security outcomes, helping customers stay ahead of cyber threats. It provides enterprises with dynamic, threat-informed detection analytics and proprietary tooling for Microsoft Defender.
eSentire
eSentire delivered its analysis of the Pure Crypter malware-as-a-service (MaaS) loader. The analysis delivers a detailed description of Pure Crypter’s architecture. It also introduces a specialised automation tool from eSentire for security researchers.
Europol
Polish authorities arrested four individuals who were running a network of platforms to launch cyberattacks worldwide. They also took down six stresser/booter services, Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut, that could be accessed for as little as €10. In the US, 9 domains associated with booter services were seized.
The actions took place as part of the ongoing Operation PowerOff. It is an international agreement targeting DDoS-for-hire services. Law enforcement from Poland, Germany, the Netherlands and the US were involved.
FBI
The FBI continues to release state-by-state details of its 2024 Internet Crime Report. Each state is calling out the types of crime, the cost to citizens and the number of complaints received. No state comes out of this well, showing how much of a problem cybercrime is across the US.
A domain seizure warrant was unsealed, along with an indictment charging Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich Morozov, 41, Aleksandr Aleksandrovich Shishkin, 36, and Dmitriy Rubtsov, 38, a Kazakhstani national, with Conspiracy and Damage to Protected Computers. It relates to the maintenance, operation, and profit from botnet services known as Anyproxy and 5socks.
Court documents reveal that the 5socks.net website advertised more than 7,000 proxies for sale worldwide, including in the United States. Users paid a monthly subscription fee, ranging from $9.95 to $110 per month. The website’s slogan, “Working since 2004!”, indicates that the service has been available for more than 20 years.
The defendants are believed to have amassed more than $46 million from selling access to the infected routers that were part of the Anyproxy botnet.
ManageEngine
ManageEngine announced that it has added AI-powered enhancements to its privileged access management platform, PAM360. A new privileged task automation module enabled by Qntrl, Zoho’s unified workflow orchestration platform, has also been introduced.
Together, these newly added capabilities help enterprises automate enterprise-wide administrative routines, enforce least privilege at scale with intelligent, context-aware controls and reduce security risks through automated remediation.
The key here is that ManageEngine is introducing AI-governed least privileged access. It will reduce the privileges that AI agents are granted and lower the risk of data leakage.
National Cyber Security Centre
The NCSC has warned that preparing for the threat from post-quantum will make fixing the Millennium Bug look easy. It’s a stark warning of the challenges organisations will face in updating their technology. The NCSC’s CTO says that this could be a “decade-long, national-scale technology change.”
The NCSC has also warned that there is a growing “digital divide” between those organisations that can keep pace with AI-enabled threats and those that cannot. That digital divide will heighten the UK’s overall cyber risk. It gives more details in a short report, looking at the impact of AI on cyber threat from now to 2027.
noyb
The Verbraucherzentrale North Rhine-Westphalia has now officially requested that Meta cease and desist its AI training plans in the EU. It is also considering further legal steps if the company fails to respond. noyb fully supports the Verbraucherzentrale’s action. The action is timely because Meta has already said it will start training on posts from May 27, ignoring the Irish DPA order to halt the plans.
Qualys
Qualys has announced major updates to its TotalAI solution. It claims this will secure organizations’ complete MLOps pipeline from development to deployment. It allows organizations to rapidly test their large language models (LLMs), even during development testing cycles. That will deliver stronger protection against more attacks and on-premises scanning powered by an internal LLM scanner.
US Department of Justice
Raytheon Companies and Nightwing Group paid $8.4M to resolve False Claims Act allegations. The two organisations were charged with making false claims around cybersecurity requirements in contracts involving the US Department of Defense (DoD). The companies failed to implement required cybersecurity controls on an internal system.
