SailPoint IPO Signals Bright Spot for Cybersecurity
SailPoint, a leader in identity and access management (IAM), has returned to the public markets with a bang, raising $1.4 billion from its IPO, pricing shares at $23 and achieving a market cap of $13.3 billion. This marks the first tech IPO of 2025 and follows a 2022 buyout by Thoma Bravo, which still holds 88% of SailPoint post-IPO. Specializing in cloud-based IAM solutions, SailPoint helps enterprises manage and secure user identities and access. The IPO comes after a dry spell for cybersecurity offerings on the public market, and it could ignite investor interest in startups tackling identity and AI-driven security challenges. For more details, visit TechCrunch.
Virginia Attorney General’s Office Struck by Cyberattack
The Virginia Attorney General's office suffered a cyberattack this week that caused a widespread outage, knocking nearly all systems offline, including key services like Outlook and Teams. The attack is being investigated by Virginia State Police and other law enforcement agencies. The office has not provided further details but confirmed the disruption has impacted its ability to work with the state's agencies and courts. The attack underscores the vulnerability of government systems despite heightened security measures. For full coverage, check TechCrunch.
Sean Cairncross Nominated for National Cyber Director
Sean Cairncross, former CEO of the Millennium Challenge Corporation, has been nominated as the next National Cyber Director, tasked with overseeing U.S. cybersecurity efforts. His nomination comes after the resignation of Harry Coker, with Cairncross expected to continue efforts to coordinate federal cybersecurity policy. Alongside him, Sean Plankey is nominated to lead CISA. These nominations reflect the growing importance of cybersecurity in the current U.S. political landscape, especially in light of recent high-profile cyberattacks. For more information, read TechCrunch.
Meta Paid Out Over $2.3 Million in Bug Bounties in 2024
Meta’s bug bounty program hit new heights in 2024, distributing over $2.3 million to security researchers. In total, nearly 10,000 vulnerability reports were submitted, with about 600 qualifying for rewards. This follows Meta’s continued commitment to improving the security of its vast ecosystem, which includes Facebook, Instagram, and WhatsApp. With a focus on mobile, hardware, and AI-related bugs, Meta’s bug bounty initiative remains a crucial part of its cybersecurity strategy. For more details, visit TechCrunch.
Google Pays $55,000 Bug Bounty for Chrome Vulnerability
Google has issued a new Chrome browser update fixing several high-severity vulnerabilities, and paid a $55,000 bug bounty for a critical issue in the V8 JavaScript engine. The flaw, a use-after-free bug, could allow remote code execution, underscoring the ongoing importance of memory safety in web security. Google’s proactive bug bounty program has been essential in identifying and mitigating potential exploits before they can be leveraged by attackers. Full coverage is available at TechCrunch.
QuSecure Banks $28M Series A for Post-Quantum Cryptography Tech
QuSecure, a startup specializing in quantum-resistant cryptography, has raised $28 million in Series A funding. This investment will help the company expand its post-quantum security offerings, with a focus on helping industries like government and finance prepare for the quantum computing era. QuSecure’s solutions are designed to provide cryptographic agility without requiring major infrastructure overhauls. With rising concerns over quantum threats to traditional encryption methods, QuSecure is positioning itself as a key player in the quantum-safe encryption space. For more details, visit TechCrunch.
CyberArk Expands Identity Security Play With $165M Acquisition of Zilla Security
CyberArk has acquired Zilla Security, a leader in identity governance and administration (IGA), for $165 million. This acquisition strengthens CyberArk’s position in the identity security market, adding AI-driven tools to automate user provisioning and compliance. With an increasing demand for cloud-native security solutions, this strategic move will help CyberArk deliver a unified platform for managing both human and machine identities. For more coverage, read TechCrunch.
Jscrambler Raises $5.2 Million for Code, Webpage Protection Solution
Jscrambler, a provider of client-side security solutions, has raised $5.2 million to advance its real-time JavaScript protection technologies. The company helps e-commerce businesses and web services prevent data theft, web skimming, and other threats by securing front-end code. With this investment, Jscrambler aims to address the rising urgency for PCI DSS v4 compliance, focusing on preventing skimming attacks that compromise payment card data. This funding round strengthens its position in the cybersecurity market for web and mobile applications. Full story available on TechCrunch.
Palo Alto Networks Patches Potentially Serious Firewall Vulnerability
Palo Alto Networks has issued patches for a critical vulnerability, CVE-2025-0108, in its firewall product that allows unauthenticated attackers to exploit the management interface. The flaw was identified after its public disclosure, and attempts to exploit it have already been reported. The vulnerability could lead to remote code execution, making it a significant threat to unpatched systems. Palo Alto Networks is urging customers to apply the fixes as soon as possible. More information can be found on TechCrunch.
Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
Rapid7 has uncovered a new zero-day vulnerability in PostgreSQL that was used in attacks against BeyondTrust’s remote support product, which led to breaches at the U.S. Treasury Department. The vulnerability, CVE-2025-1094, enables SQL injection and remote code execution, making it a critical risk. The PostgreSQL flaw was exploited alongside vulnerabilities in BeyondTrust’s software, illustrating the growing threat to public sector and private organizations. For more details, visit TechCrunch.
Drata to Acquire SafeBase in $250 Million Deal
Drata, a leader in security and compliance automation, has announced its acquisition of SafeBase, a provider of trust center solutions, for $250 million. This acquisition will enhance Drata's platform, enabling organizations to automate security reviews and simplify vendor risk management. The merger aligns with Drata's mission to streamline compliance processes across industries while enhancing transparency and customer trust. More details are available on TechCrunch.
Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities
Ivanti and Fortinet have released security updates to fix critical vulnerabilities in their products, including remote code execution flaws that could impact systems globally. Ivanti addressed 11 security defects, while Fortinet issued patches covering 14 advisories, many of them for flaws that could lead to privilege escalation or data tampering. Organizations are urged to update their systems immediately to mitigate potential threats. For full coverage, visit TechCrunch.
GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System
A recent Government Accountability Office (GAO) report has urged the U.S. Coast Guard to strengthen its cybersecurity measures for the Maritime Transportation System (MTS). The report identified significant gaps in data accessibility and personnel competencies, recommending improvements in the Coast Guard’s cyber plans and oversight. This comes in light of ongoing cyber threats targeting the critical infrastructure of U.S. ports and maritime operations. Read more on TechCrunch.
SonicWall Firewall Vulnerability Exploited After PoC Publication
SonicWall's firewall vulnerability, tracked as CVE-2024-53704, is being actively exploited by attackers after proof-of-concept (PoC) code was publicly released. The flaw allows unauthenticated access to SSL VPNs, bypassing multi-factor authentication protections and enabling data exfiltration. This vulnerability is seen as a serious risk for users of SonicWall’s products, and the company has urged customers to update their systems immediately to prevent exploitation. More information is available on TechCrunch.
Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
The Chinese state-sponsored APT group Salt Typhoon has been exploiting two Cisco vulnerabilities to target telecom providers worldwide. Despite the vulnerabilities being patched, the group has continued its attacks, focusing on over 1,000 internet-facing Cisco devices since December 2024. Salt Typhoon, believed to be linked to China’s Ministry of State Security, has been responsible for high-profile hacks of critical infrastructure. For full details, visit TechCrunch.
New Windows Zero-Day Exploited by Chinese APT: Security Firm
ClearSky Cyber Security has reported the exploitation of a new Windows zero-day vulnerability by the Chinese APT group Mustang Panda. The flaw, a UI vulnerability, has allowed the group to conduct cyber-espionage activities. Microsoft has acknowledged the vulnerability but classified it as low severity. ClearSky’s findings reveal that the group is leveraging the flaw for targeted attacks. For more, check out TechCrunch.
Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job
Symantec has uncovered evidence that a Chinese cyber-espionage group, linked to the Mustang Panda APT, has been launching ransomware attacks using their toolset. These attacks, carried out on software companies in Southeast Asia, appear to be an attempt to profit from ransomware while continuing their espionage efforts. The cybercriminals leveraged an old Palo Alto firewall vulnerability to gain access. Full details can be found on TechCrunch.
SecurityWeek Analysis: Over 400 Cybersecurity M&A Deals Announced in 2024
In 2024, the cybersecurity M&A market saw 405 deals, with a notable increase in activity during the second half of the year. North America led the charge, and financial details revealed a total disclosed value of $50.75 billion for the deals, including major acquisitions like Mastercard’s purchase of Recorded Future. The report highlighted a strong focus on governance, risk management, and compliance (GRC) and on data protection companies. For more, read TechCrunch.
