Eclypsium Research discusses critical vulnerabilities in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software, affecting millions of devices. These vulnerabilities enable unauthenticated remote code execution and unauthorized device access.| Eclypsium | Supply Chain Security for the Modern Enterprise
Verizon DBIR 2025 Key Stats: Network Device Attacks, Third Party Risk, and More. Massive shifts in cyber attack behavior have been revealed in the 2025 Verizon Data Breach Investigation Report (DBIR). Here are a few of the most surprising stats with real world implications for cybersecurity strategy and attack surface management. Network Device and Edge […]
Last week CISA took a major step in the fight against ransomware and state-sponsored attacks by issuing Binding Operational Directive 23-02. This directive directly calls out an area where threat actors are the most active and successful in the wild—the exploitation of network infrastructure appliances such as VPNs, switches, routers, and firewalls as well as […]
Eclypsium Research has discovered and reported 5 vulnerabilities in AMI MegaRAC Baseboard Management Controller (BMC) software. MegaRAC BMC is widely used by many leading server manufacturers to provide “lights-out” management capabilities for their server products.
Secure the hardware and firmware of AI data centers at the foundations, from the supply chain to secure decommissioning of devices. AI is the defining competition
Network devices were impacted by over 50% of the most routinely exploited vulnerabilities in 2023, and most were zero days.
Cisco SNMP Vulnerability (CVE-2025-20352) is evidence that attackers will weaponize mismanaged credentials and unpatched edge devices the moment the window opens. Supply chain security, visibility, behavioral monitoring, and privileged access discipline are no longer optional—they’re essential.
Juniper routers are under attack using custom versions of open source backdoors, likely by nation-state adversaries targeting network infrastructure in telcos and ISPs.
Internal conflicts within the notorious Black Basta ransomware group have led to a massive leak of the group’s internal chat messages. While the messages are disorganized and full of internal jargon, they contain a wealth of insight into the group’s operations and techniques. This type of disclosure can be a goldmine for security professionals because […]
Attackers have a tendency to exploit legacy IT infrastructure, especially outdated and end-of-life (EOL) network devices, as they are often overlooked by security teams. Recent cases of router-based malware campaigns highlight the need for proactive defense even against decades-old vulnerabilities.
The GPUHammer Vulnerability is one of many hardware level security challenges facing AI infrastructure. Here’s what’s happening, and how to secure your GenAI Cloud workloads.
CISA’s Known Exploited Vulnerabilities catalog has added a baseboard management controller vulnerability for the first time, marking a paradigm shift in attacker behavior.
Eclypsium's platform enhances supply chain security by incorporating zero-trust in every device, fortifying hardware, firmware, and software.
The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass authentication remotely.