The post Dropping FBOMs: Securing Your Supply Chain with Software and Firmware Bills of Materials appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.| Eclypsium | Supply Chain Security for the Modern Enterprise
The Edge Case That Became the Main Event Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks. The RedNovember attack campaign disclosed by RecordedFuture’s Insikt Group is the latest in a string of campaigns targeting SonicWall, Cisco, Palo Alto, Fortinet, and Ivanti devices inside government, […] The post The Hunt for RedNovember: A Depth Charge Against Network Edge Devices appeared first on Eclypsium | Supply Cha...| Eclypsium | Supply Chain Security for the Modern Enterprise
Transcript CISA ED 25 03 – Cisco Security Update: Multiple Critical Vulnerabilities Under Active Attack Host: Chase SnyderRecording Date: September 2025 Current Threat Landscape Overview Chase: Cisco is in the news and in the crosshairs of cyber attackers today, so we’re going to do a quick update on the threat landscape around Cisco because there are several different […] The post CISA ED 25-03 Warns of Cisco ASA Device Compromises appeared first on Eclypsium | Supply Chain Security...| Eclypsium | Supply Chain Security for the Modern Enterprise
Attackers Living Outside The Operating System Like many in our field, I thought we’d seen the last of Petya-style attacks after the chaos of 2017. As it turns out, that was wishful thinking. ESET Research recently uncovered something that caught my attention immediately – a new variant they’ve dubbed “HybridPetya” that combines ransomware with UEFI […] The post HybridPetya Ransomware Shows Why Firmware Security Can't Be an Afterthought appeared first on Eclypsium | Supply Chain Se...| Eclypsium | Supply Chain Security for the Modern Enterprise
Firmware protection is gaining increased urgency as cyberattackers from ransomware gangs to nation state APTs target firmware vulnerabilities to maintain persistence in target environments. Eclypsium has been mentioned as a sample vendor in two Gartner Hype Cycles in 2025 under the Firmware Protection as a Service product category. Why Firmware Protection Is Important to Infrastructure […] The post Eclypsium Acknowledged for the Firmware Protection as A Service Category in two Gartner® H...| Eclypsium | Supply Chain Security for the Modern Enterprise
In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the evolution of malware with a focus on Hybrid Petya, the implications of UEFI vulnerabilities, and the security risks associated with Windows 10’s end of life. They also explore the vulnerabilities of Cisco ASA devices, the rise of supply chain attacks […] The post BTS #60 - HybridPetya and UEFI Threats appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.| Eclypsium | Supply Chain Security for the Modern Enterprise
UPDATE: CISA has issued an emergency directive about an active attack against CISCO ASA devices. A massive surge in scans targeting Cisco Adaptive Security Appliance (ASA) devices was observed by GreyNoise in late August 2025, with over 25,000 unique IPs probing ASA login portals in a single burst. This anomalous activity is highly suggestive of […] The post Surge in Cisco ASA Scanning Hints At Coming Cyberattacks appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.| Eclypsium | Supply Chain Security for the Modern Enterprise
The post GPU Security in Practice: A Neocloud Provider's Approach appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.| Eclypsium | Supply Chain Security for the Modern Enterprise
Get insights on Eclypsium’s unique approach to digital supply chain security, infrastructure code security, the latest in vulnerability risk management, and industry trend developments.| Eclypsium | Supply Chain Security for the Modern Enterprise
Eclypsium’s digital supply chain security platform secures the infrastructure code inside connected devices that most security products don’t touch.| Eclypsium | Supply Chain Security for the Modern Enterprise
Juniper routers are under attack using custom versions of open source backdoors, likely by nation-state adversaries targeting network infrastructure in telcos and ISPs.| Eclypsium | Supply Chain Security for the Modern Enterprise
Internal conflicts within the notorious Black Basta ransomware group have led to a massive leak of the group’s internal chat messages. While the messages are disorganized and full of internal jargon, they contain a wealth of insight into the group’s operations and techniques. This type of disclosure can be a goldmine for security professionals because […]| Eclypsium | Supply Chain Security for the Modern Enterprise
In this episode of Below the Surface, host Paul Asadoorian speaks with Evan Dornbush, CEO of Desired Effect, about the evolving landscape of exploit marketplaces and vulnerability research. They discuss the challenges researchers face in monetizing their findings, the ethical implications of selling exploits, and the importance of timely intelligence for defenders. The conversation also […] The post BTS #59 - Exploit Marketplaces appeared first on Eclypsium | Supply Chain Security for the M...| Eclypsium | Supply Chain Security for the Modern Enterprise
Software bills of materials (SBOMs) have been around for years, but they’re historically ill defined, hard to generate, update, and use. So most organizations don’t. But a series of new laws and cybersecurity guidelines issued from 2023-2025 may signal a change that will drive more organizations to make practical use of SBOMs, as well as […] The post The Rise of SBOM Requirements In Cybersecurity Guidelines and Laws appeared first on Eclypsium | Supply Chain Security for the Modern Ente...| Eclypsium | Supply Chain Security for the Modern Enterprise
In May, 2025 the U.S. Secretary of Defense announced support for the Golden Dome for America (GDA). The project is a next-generation missile defense shield to be integrated with existing U.S. air and missile defense systems. The memo announcing support for GDA lists several requirements for vendors providing hardware and software for the project, with […] The post Golden Dome Requires Firmware Bills of Materials, SBOMs, and Other Supply Chain Security Measures appeared first on Eclypsium | ...| Eclypsium | Supply Chain Security for the Modern Enterprise
In this episode, the hosts discuss various cybersecurity topics, focusing on hardware vulnerabilities, UEFI attack vectors, and the implications of new regulations on device security. They explore the evolution of Mirai variants targeting IoT devices and the challenges of securing firmware. The conversation highlights the need for improved security measures and the complexities of managing […] The post BTS #58 - UEFI Vulnerabilities and Hardware Risks appeared first on Eclypsium | Supply Ch...| Eclypsium | Supply Chain Security for the Modern Enterprise
Attackers have a tendency to exploit legacy IT infrastructure, especially outdated and end-of-life (EOL) network devices, as they are often overlooked by security teams. Recent cases of router-based malware campaigns highlight the need for proactive defense even against decades-old vulnerabilities.| Eclypsium | Supply Chain Security for the Modern Enterprise
The GPUHammer Vulnerability is one of many hardware level security challenges facing AI infrastructure. Here’s what’s happening, and how to secure your GenAI Cloud workloads.| Eclypsium | Supply Chain Security for the Modern Enterprise
Get insights on how to protect supply chain security for your enterprise infrastructure with Eclypsium.| Eclypsium | Supply Chain Security for the Modern Enterprise
Netgear (and similar) devices, such as IoT routers, are a significant target for cyber attacks and exploitation.| Eclypsium | Supply Chain Security for the Modern Enterprise
CISA’s Known Exploited Vulnerabilities catalog has added a baseboard management controller vulnerability for the first time, marking a paradigm shift in attacker behavior.| Eclypsium | Supply Chain Security for the Modern Enterprise
Eclypsium's platform enhances supply chain security by incorporating zero-trust in every device, fortifying hardware, firmware, and software.| Eclypsium | Supply Chain Security for the Modern Enterprise
The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass authentication remotely.| Eclypsium | Supply Chain Security for the Modern Enterprise
Was it DNS? It’s always DNS. In this case, DNS (Domain Name System) is filled with sitting ducks (Ducks Now Sitting) for domain name hijacking. Multiple threat actors have been exploiting this attack vector which we are calling Sitting Ducks since at least 2019 to perform malware delivery, phishing, brand impersonation, and data exfiltration. As […]| Eclypsium | Supply Chain Security for the Modern Enterprise