EnGenius Technologies has announced the release of EnGenius Private Cloud (EPC)—a fully on-premises network management platform purpose-built for Managed Service Providers (MSPs) and system integrators who require full control over their deployments without relying on public cloud infrastructure. EPC runs on any standard PC, server, or virtual machine, giving partners the ability to manage enterprise-class networks while keeping all data inside their own environment.
Why EPC Is Essential for Today’s MSPs
MSPs and system integrators need EnGenius EPC because many of their customers cannot or do not want to use public cloud platforms due to data privacy, compliance, and security concerns. Many government agencies mandate that all network management systems, logs, and user data remain strictly within their own infrastructure to meet data sovereignty, privacy, and security regulations. These policies prohibit the use of public cloud controllers, restrict external data transmission, and require full visibility and control over how information is stored, accessed, and audited. As a result, MSPs and system integrators serving government clients must deploy fully on-prem solutions like EnGenius EPC to ensure compliance, maintain operational independence, and protect sensitive information from being processed or stored outside government-controlled environments.
EPC: The Solution for Secure, Controlled Network Management
EPC solves these pain points by delivering a fully on-premises, multi-tenant management platform that keeps all data local, operates reliably even without internet, and significantly reduces long-term operational costs. As a 100% locally hosted and secure solution, EPC ensures that network management, logs, client data, and device credentials never leave the premises—giving partners complete control over customization, backups, policies, and overall performance.
EPC provides:
Centralized control of thousands of access points and switches
True multi-tenant architecture for managing multiple customers with complete separation
Unified configuration and rapid rollout across distributed sites
Full data ownership, supporting privacy-sensitive and compliance-driven environments
By combining cloud-level convenience with local, on-prem autonomy, EPC empowers MSPs to deliver premium managed services while maintaining the security, privacy, and performance their customers expect.
Key Features & Capabilities of EnGenius EPC
Fully On-Premises Deployment — Runs on local PC, server, or VM with no dependency on public cloud.
Complete Data Ownership — All logs, credentials, and client data stay inside the organization.
Multi-Tenant Architecture — Easily manage multiple customers or sites with full isolation.
Centralized Network Management — Unified dashboard for APs, switches, and multiple networks.
Scalable Design — Supports thousands of devices across distributed deployments.
Cloud-Like Convenience — Zero-touch provisioning, monitoring, and configuration automation.
Offline Operation — Controller continues working even with limited or no internet access.
Advanced Security Controls — Localized user authentication, access rights, audit logs, and more.
Flexible Deployment Options — Works on standard Linux environments and supports container-based architecture.
Customizable Policies & Backups — Full control over retention, updating schedules, and system backups.
With EPC, EnGenius redefines what on-premises network management can achieve—delivering flexibility, privacy, and reliability that the cloud simply cannot match.
The EPC will be available for download on the EnGenius website starting in January 2026 for EnGenius customers. For additional product specifications and purchasing information, visit: EnGenius Private Cloud
Posted in Commentary with tags BforeAI on January 22, 2026 by itnerd
PreCrime Labs, the threat research team at BforeAI, identified a large cluster of suspicious domain registrations leveraging US military operations in Venezuela and the resulting information vacuum.
When the PreCrime Labs team investigated new domains related to the Venezuela matter and registered from December 1 to January 12, 2026, a total of 829 domains were determined to be suspicious. An even more recent surge in domain registrations, primarily in January 2026, dominates the dataset. Approximately 546 domains were registered between January 3 and 5, 2026 alone. This represents a significant spike in activity compared to the December 2025 period leading up to the January 2 military action, in which 110 related domains were registered over the entire month.
Posted in Commentary with tags Lokker on January 22, 2026 by itnerd
California’s new CPPA risk-assessment rules took effect January 1, 2026.
Lokker, who are experts in online data privacy and compliance, have just released new data showing most S&P 500 U.S. companies are not technically compliant, despite their consent banners and privacy policies.
Lokker’s Quarterly Risk Report – Q1 2026 examines how privacy risk is shifting from written commitments to technical reality. With CPPA risk assessment requirements now in effect, it looks at both what regulators, courts, and plaintiffs are now looking for, and what organizations must be able to demonstrate across their web properties.
Based on continuous scans of S&P 500 websites, Lokker found that over 90 percent load third-party trackers before consent, and roughly 80 percent rely on consent tools that actually fail in practice. As enforcement risk shifts from policy language and public statements to provable technical controls, web tracking technologies are becoming a primary exposure vector.
What Lokker scans reveal: Using continuous scanning across large enterprise websites, Lokker analyzed how tracking technologies behave in real-world conditions, not audit snapshots. The results are sobering.
Across industries, Lokker consistently observed that trackers initiate data collection before meaningful consent is obtained. Consent management tools often appear compliant on the surface, yet fail under technical scrutiny. In many cases, third-party scripts activate on page load, across subdomains, or during specific user interactions that bypass consent controls entirely.
These failures are rarely intentional. They arise from complex modern web stacks, fragmented ownership of tracking tools, and constant changes introduced by marketing, analytics, and third-party vendors.
But an absence of intent isn’t a standard that regulators are likely to apply.
Enforcement and litigation risk: The regulatory environment is intersecting with an aggressive litigation landscape that’s often receptive to claims that web tracking technologies operate as unlawful surveillance mechanisms when deployed without proper notice and consent.
Recent cases have seen claims proceed based on the mere presence of certain tracking technologies on a website. This means that a single misconfiguration or script can expose an organization to regulatory inquiry and/or class action litigation.
British and Chinese security officials are seeking to establish a “Cyber Dialogue” to discuss cyberattacks amidst hacking accusations by both sides, according to Bloomberg.
The forum is supposedly designed for security officials to manage threats to each other’s national security, by improving communication, allowing, for the first time, private discussion of deterrence measures, and avoiding and preventing escalation, as communicated by people familiar with the matter who spoke on condition of anonymity.
The collaboration comes after China’s top diplomat Wang Yi and British National Security Adviser Jonathan Powell met in Beijing in November agreeing to “confront and resolve issues” and “further enhance regular dialogues” after British officials said a month earlier that they believed Chinese hackers had spied on UK government computer systems for over a decade, and Chinese state-backed actors had compromised its critical infrastructure.
Meanwhile, the European Commission unveiled an updated cybersecurity framework that would tighten protections for critical infrastructure by targeting “high-risk” foreign suppliers of digital equipment and services.
The proposed legislation marks a shift from previous voluntary guidelines toward mandatory rules giving the Commission the authority to require removal of these high-risk vendors from key sectors such as telecommunications and other infrastructure essential to the EU’s economy and security.
Although the proposal doesn’t explicitly name specific companies, officials have previously singled out concerns over equipment from Chinese technology firms like Huawei and ZTE.
The overhaul also includes a revised Cybersecurity Act designed to secure information and communications technology supply chains, streamline certification processes, and improve incident reporting and threat alerts.
The updated law would also empower the EU Agency for Cybersecurity (ENISA) to issue early warnings and support collaboration with Europol and national response teams.
Michael Bell, Founder & CEO, Suzu Labs had this comment:
“The Cyber Dialogue is a pragmatic move, not a naive one.
“In March 2024, the UK publicly accused China of breaching the Electoral Commission and targeting parliamentarians’ email accounts. They sanctioned individuals linked to APT31. They summoned China’s ambassador. Beijing called the accusations “fabricated and malicious slanders.”
“Eight months later, Wang Yi and Jonathan Powell met in Beijing and agreed to establish a Cyber Dialogue. That looks like whiplash, but there’s logic to it.
“Cyber operations exist in a gray zone. They’re not acts of war, but they’re not peacetime activity either. Without communication channels, an incident response could be misread as aggression. Escalation becomes more likely when neither side understands the other’s red lines.
“There’s precedent. In 2015, Obama and Xi established a cyber agreement with hotlines and joint dialogue mechanisms. US officials reported a drop in certain Chinese intrusions afterward. It wasn’t perfect. The US later accused China of violations. But it created a framework for managing the problem.
“The UK is trying something similar. They’re not pretending the threat doesn’t exist. They publicly attributed attacks, imposed sanctions, and issued warnings about Volt Typhoon pre-positioning in critical infrastructure. Now they’re opening a channel to discuss deterrence and prevent miscalculation.
“Whether it works depends on whether both sides actually use it. The 2015 US-China agreement produced results until it didn’t. The UK-China dialogue could follow the same trajectory. But having the channel is better than not having it.
“The alternative, pure confrontation without communication, creates its own risks. In cyberspace, those risks are harder to see until they materialize.
“In regards to the EU targeting “high-risk” tech suppliers, honestly, it sounds like Brussels ran out of patience.
“The 5G Security Toolbox has been voluntary guidance since January 2020. It recommended that member states assess high-risk vendors and impose restrictions where necessary. Six years later, only 10 of 27 member states actually did anything meaningful about Huawei and ZTE. The patchwork approach created exactly the security gaps the Toolbox was supposed to prevent.
“The new legislation fixes that by making removal mandatory. High-risk suppliers must be phased out within three years of the law taking effect. The scope expands beyond mobile networks to fixed and satellite infrastructure across 18 critical sectors: water, electricity, cloud services, semiconductors, medical devices.
“The Commission will conduct EU-wide risk assessments based on country of origin and national security implications. ENISA gets real authority: early threat alerts, centralized incident reporting, coordination with Europol. A formal catalogue of high-risk suppliers will follow via implementing act. Huawei and ZTE are expected to be on it.
“This is expensive. Germany alone faces an estimated €2.5 billion to replace Huawei equipment across Deutsche Telekom, Vodafone, and Telefónica. EU-wide, operators are looking at roughly €3 billion annually in higher infrastructure costs. That’s not a rounding error. It’s why voluntary guidelines failed. Member states and operators kept finding reasons to delay.
“The legislation removes the option to delay. It’s regulatory coercion, and it’s probably necessary. Security through voluntary compliance only works when everyone complies. When half the member states ignore the guidance, you get exploitable gaps.
“For enterprises operating in the EU, this means vendor audits, procurement changes, and certification requirements through ENISA. The three-year timeline sounds manageable until you account for supply chain constraints and the reality that everyone will be competing for the same alternative equipment.
“Both approaches respond to the same underlying reality: Chinese state-affiliated actors have demonstrated capability and intent to compromise Western infrastructure. The UK and EU are choosing different tools to manage that risk.
“The UK is betting that communication reduces the chance of catastrophic miscalculation. The EU is betting that removing the attack surface is more reliable than trusting dialogue.
“Neither approach is wrong. They’re addressing different aspects of the same problem. The UK approach manages the state-to-state relationship. The EU approach manages the technical supply chain risk.
“For enterprises, the implication is clear: you can’t rely on a single approach. You need security architecture that accounts for both diplomatic uncertainty and regulatory mandates. The technology landscape is fragmenting, and your vendor strategy needs to fragment with it.”
John Carberry, Solution Sleuth, Xcape, Inc. follows with this comment:
“The UK-China cyber dialogue signals a shared understanding that unchecked cyber tensions pose serious escalation risks for global powers. Creating forums for discussing deterrence and intentions could minimize miscalculations, even if persistent accusations of espionage between the two nations remain unresolved.
“Concurrently, Europe’s implementation of mandatory restrictions on “high-risk” suppliers demonstrates that dialogue doesn’t automatically equate to trust. The EU’s framework signifies a stricter stance on supply-chain security, transitioning from voluntary recommendations to legally binding regulations with tangible economic impacts. This shift from voluntary guidelines to mandatory exclusions for companies like Huawei and ZTE suggests that while the UK pursues dialogue, the wider Western approach is leaning towards complete technological decoupling.
“ENISA’s augmented responsibilities for early warnings, incident reporting, and cross-border responses further underscore Europe’s focus on cybersecurity as a matter of technological sovereignty rather than mere IT best practices. By granting ENISA and Europol enhanced early-warning capabilities, the EU is fortifying itself against the very state-sponsored actors the UK is now engaging with diplomatically.
“Collectively, these trends illustrate a two-pronged strategy: diplomatic efforts to influence state conduct, combined with structural defenses to mitigate systemic vulnerabilities. Cybersecurity policy is increasingly serving as both a diplomatic instrument and a component of industrial strategy.
“You can’t build a bridge of trust with diplomacy while simultaneously bricking up the windows to keep the “partners” out of the house.”
Trust isn’t built overnight. Which I suspect will mean that any real traction on this will take a while to materialize any results. Which is fine as long as everyone sticks to it.
Liquibase today announced fiscal year 2025 momentum driven by accelerating new customer demand, record Liquibase Community adoption, and continued operating discipline.
Late 2025 outages across major internet services were a reminder that change can cascade at scale into widespread disruption. As AI pushes more automation downstream, database changes increasingly require enforcement before production and evidence after release.
Database Change Governance is the enforcement and evidence layer for database change. It prevents risky changes from reaching production and produces proof of what ran, where, and when after release, so teams can ship faster without sacrificing control. Without it, a breaking schema change can ripple across applications, data products, and automated workflows.
FY25 momentum highlights
New ARR increased more than 85 percent year over year
Liquibase Community surpassed 15 million downloads in 2025
Operating efficiency improved dramatically over the last few years, strengthening operating leverage and execution discipline.
Liquibase Secure won the 2025 DevOps Dozen Award for Best DevOps for DataOps and Database Solution
Liquibase was also named a finalist in three DevOps Dozen categories: DevSecOps, Database DevOps, and Mainframe Modernization
Expanded platform partnerships with Databricks and MongoDB to bring governed database change to modern data platforms and AI driven applications.
Liquibase also expanded its ecosystem partnerships to meet teams where database change is happening, inside modern data platforms and AI driven applications. In 2025, Liquibase partnered with Databricks to bring modern change management to the lakehouse and announced a strategic technology integration with MongoDB to bring governance to AI driven database changes.
Governance customers use in real delivery workflows
Liquibase Secure helps teams ship database change with guardrails and proof. Teams use Policy Checks to enforce policies before changes reach production, and Reports to generate audit ready evidence of what was applied, where, and when. Together, these governance capabilities integrate into automated deployments, reducing late stage surprises and making releases more predictable.
Customer feedback reinforces this. As one TrustRadius reviewer, a Senior Configuration Management Advisor, put it: “Liquibase fixes a problem everyone has but doesn’t know there’s an answer for.”
Industry recognition
Liquibase Secure was named the winner of the 2025 DevOps Dozen Award for Best DevOps for DataOps and Database Solution.
Leadership additions to scale the next phase
Liquibase strengthened its leadership team in FY25 to support product velocity, enterprise execution, and international growth.
David De Paula, VP International Sales, former VP Sales, EMEA and APAC at CloudBees
Mike Runco, VP Sales, North America, former VP of Sales at UnifyApps
Ryan McCurdy, VP of Marketing, former SVP of Marketing at Astronomer
Steve Surace, VP of Engineering, former VP of Engineering at Datto
Arcitecta today announced that it will demonstrate its advanced Mediaflux® research data management platform in booth #14 at Supercomputing Asia 2026, January 26-29, at the Osaka International Convention Center in Japan. The conference will be held in conjunction with HPC Asia 2026 (SCA/HPCAsia 2026).
Arcitecta is returning to Supercomputing Asia 2026 to share its vision for elegant, intelligent research data management. At a time when data is growing in volume, complexity, and value, Arcitecta’s Mediaflux platform brings balance to the research ecosystem, connecting people, instruments, storage and compute into a unified, metadata-rich environment. Built for HPC-scale workloads and diverse, data-intensive disciplines, Mediaflux transforms data into a living, dynamic resource that accelerates discovery.
Birds of a Feather Session: Managing and Sharing Large Scientific Data Sets
Arcitecta’s Global Business Development Lead, Robert Mollard, will join other distinguished panelists in an informative session to discuss the complexities of sharing large amounts of collected scientific data and to explore sharing techniques, models and software tools that address this challenge. Attendees will gain an understanding of contemporary practices and actionable methods for improving collaboration between research organizations with large data stores used for analysis and with HPC workflows and software.
Date and Time: Thursday, January 29, 2026, 11:30 am – 12:30 pm
Location: 12F Conference Hall of the Osaka International Convention Center
Panelists:
Robert Mollard, Arcitecta – Global Business Development Lead
Bronis R. de Supinski, CTO for Livermore Computing (LC) at Lawrence Livermore National Laboratory (LLNL)
Michael Hennecke, Distinguished Technologist at HPE – DAOS Systems/Software Engineering
Chris Maestas, IBM – CTO for Data and AI Storage Solutions
Matt Starr, Spectra Logic – CTO, VP APJ Sales, and VP Federal Sales
Thomas Metzger, Americas HPC Technical and Business Director at Intel Corporation
Werner Scholz, Xenon Systems – CTO and Head of R&D
CJ Newburn, NVIDIA Architect – IO and HPC Software Strategy
Jake Carroll, Director, Research Computing Centre – University of Queensland
The New Digital Preservation
Long-term data retention was once treated as a niche concern, limited to archives and specialized domains. Today, research data is routinely retained for decades, often by default rather than by design. This shift is reshaping how institutions think about storage, lifecycle management, cost, and sustainability.
Digital preservation is no longer a “future” problem; it is a challenge that organizations must begin addressing now. Mediaflux delivers intelligent, policy-driven data placement across the entire storage hierarchy, from high-performance hot tiers to economical long-term archives.
Cerabyte, the pioneer of ceramic-based data storage solutions, will join Arcitecta in booth #14 to jointly demonstrate how the two companies address the need for data management in conjunction with long-term retention, enabling data storage that is easily accessible, permanent, sustainable and energy-efficient.
Posted in Commentary with tags Cloover on January 21, 2026 by itnerd
The globe is racing to secure its energy future as electricity demand rises, grids come under pressure, and households face growing uncertainty over costs and supply. At the same time, demand for decentralized energy solutions like solar, batteries, heat pumps, and EV charging is surging. The missing piece has been infrastructure that can deliver these systems at scale. Cloover was built to solve this gap by creating the operating system for energy independence – and today the company has announced a landmark financing commitment to accelerate the rollout of residential energy independence.
Cloover has secured $22 million in Series A equity financing alongside a $1.2 billion debt facility, bringing total capital commitments to $1.222 billion. The equity round was led by MMC Ventures and QED Investors, with participation from Lowercarbon Capital, BNVT Capital, Bosch Ventures, Centrotec, and Earthshot Ventures. The debt facility was provided by a leading European bank to fund customer and installer financing on the platform. Cloover also benefits from a €300 million guarantee from the European Investment Fund, which underpins its financing programs and enables scalable, low-cost capital for the energy transition. In total, Cloover has now raised more than $30 million in equity financing and secured over $1.3 billion in debt.
The scale of this commitment reflects the urgency of the problem Cloover is addressing. Europe’s energy transition depends on hundreds of thousands of small and mid-sized installers, yet most operate with fragmented software, manual workflows, and limited access to capital. Traditional banks are ill-equipped to finance residential energy assets at speed and granularity, creating delays that stall installations and price many households out of clean energy. Cloover takes a fundamentally different approach by embedding financing directly into installer workflows and pairing it with an end-to-end software platform built specifically for decentralized energy.
At the heart of this innovation is AI-powered credit underwriting, which evaluates long-term energy savings rather than traditional credit metrics alone. Cloover also pre-finances public subsidies, allowing consumers to benefit immediately from state incentives. For institutional investors, Cloover opens the door to a new impact-aligned infrastructure asset class, backed by real performance data, climate impact tracking, and full transparency across the value chain.
Cloover is building the digital nervous system of the distributed energy economy. Its AI-powered platform integrates workflow management, financing, procurement, and energy optimization into one seamless operating system. It automates complex workflows, detects risks early, and empowers data-driven decisions from the first customer leading to long-term energy-management through Cloover’s EMS and dynamic tariffs. Further, Cloover’s AI Finance co-pilot helps SME installers solve capital flow challenges along the whole value chain and improve liquidity to enable faster growth. By replacing disconnected tools and slow financing processes with one integrated system, Cloover enables installers to close more projects, move faster, and serve a broader customer base.
Installers using Cloover offer financing at the point of sale, increasing conversion rates and unlocking new market segments. Automated workflows reduce administrative burden and improve throughput, while access to capital shortens cash cycles. On average, installer partners generate 30 percent incremental revenue through Cloover by reaching customers they previously could not serve. Homeowners benefit from access to decentralized energy without large upfront investments and see between 20 and 30 percent savings on energy costs through optimized system performance and financing.
By connecting manufacturers, installers, households, and investors in a unified ecosystem, Cloover ensures energy projects scale efficiently, transparently, and collaboratively – mirroring the way software unlocked scale for e-commerce two decades ago.
Cloover was founded after the team conducted extensive research with hundreds of energy installers across Europe and saw the same pattern repeat across markets. Demand for decentralized energy was accelerating, but the industry lacked the infrastructure to support mass adoption. Financing emerged as the most decisive bottleneck. While other sectors such as automotive benefit from thousands of specialized lenders, residential energy assets have only a handful. Cloover was created to close this gap by combining financing with modern software infrastructure and building a platform that supports installers rather than competing with them.
Cloover grew revenues more than 8x in 2025 while remaining profitable, approaching $100 million in sales. The company is projecting $500 million in 2026 and $1 billion in 2027, underscoring the explosive demand for distributed energy solutions.
The company’s growth is driven by powerful market forces. Rising energy demand driven by AI, grid instability, and the expansion of electric mobility are increasing pressure on existing systems. Governments are accelerating policy support for decentralized energy, while households are seeking greater control over their energy costs and supply. These trends are converging to create one of the largest infrastructure opportunities of the coming decade.
With the new capital, Cloover will expand into additional European markets, where it is considering France, Italy, the UK, and Austria, and deepen its platform with further AI-driven workflow automation and financing products. For now, the team’s long-term vision is for Cloover to become the global platform powering decentralized energy, connecting manufacturers, installers, investors, and households through a single operating system designed to deliver affordable and independent energy at scale.
ServiceNow and OpenAI today announced an enhanced strategic collaboration to power agentic AI experiences and accelerate enterprise AI outcomes. The agreement unlocks a deep collaboration between OpenAI technical advisors and ServiceNow engineers that will be equipped with its frontier models, which will give customers direct access to frontier capabilities, custom ServiceNow AI solutions built and aligned to their unique roadmaps, and increased speed and scale with no bespoke development required. ServiceNow will build direct speech-to-speech technology using OpenAI models to break through language barriers and offer more natural interactions. With the latest OpenAI models including GPT-5.2, ServiceNow will unlock a new class of AI-powered automation for the world’s largest companies.
Co-innovation that drives faster, easier customer adoption
As AI model releases accelerate, large enterprises need help keeping their workflows aligned with the latest innovations. Bringing OpenAI models into the ServiceNow AI Platform complements a customer’s ServiceNow configuration management database (CMDB) while also offering native, embedded access to intelligence to further inform actions that will be taken within workflows. ServiceNow’s AI Control Tower then provides the governance and orchestration layer, giving organizations centralized visibility into how models are applied across workflows, how they interact with enterprise data and systems, and how AI-driven actions are executed at scale in a controlled, auditable way. For example:
Real-time speech-to-speech voice agents: With OpenAI, ServiceNow is working toward real-time speech-to-speech AI agents that can listen, reason, and respond naturally without text intermediation. For example, a user can speak in their preferred language and receive an instant response from an AI agent that opens a case, triggers an approval, and orchestrates next steps without translation delay — reducing latency, preserving meaning, and eliminating unnecessary handoffs.
Supercharging automation: Computer-use models from OpenAI unlock a new class of IT automation for ServiceNow customers by enabling interactions with systems. By turning unstructured documents into actionable data, this capability extends secure, context-aware automation across more environments — enabling autonomous orchestration of workplace tools like email and chat, automation of legacy systems including mainframes, and greater efficiency across complex IT landscapes.
Delivering AI impact on a foundation of proven success
This agreement builds on the long-standing efforts of ServiceNow to offer customers the choice of accessing OpenAI models for:
AI assistance that lets employees ask questions in natural language and get clear, actionable answers through speech-to-text capabilities.
AI-powered summarization and content generation for incidents, cases, knowledge articles, and service interactions — helping teams resolve issues faster with less manual effort.
Developer and admin tools that turn intent into workflows, logic, and automation, dramatically speeding how business processes are built and updated.
Intelligent search and discovery that pulls the right information from across enterprise systems exactly when it’s needed.
ServiceNow powers more than 80 billion workflows every year. Together with OpenAI, the company is bringing customers innovative new capabilities that enable even more advanced automation and workflows across industries and across use cases.
Ransomware attacks soared in 2025, with 9,251 recorded cases compared to 6,395 cases in 2024
The latest findings from NordStellar, a threat exposure management platform, reveal that the number of ransomware incidents in 2025 soared compared to 2024. The data shows that in 2025, 9,251 ransomware cases were recorded on the dark web, marking a significant 45% increase compared to 6,395 cases recorded in 2024.
The number of ransomware cases rose significantly in the last quarter of 2025. December set a two‑year record, with a substantial 1,004 recorded incidents.
“In the last quarter of 2025, ransomware groups deliberately exploited end-of-year cybersecurity gaps caused by reduced staffing and monitoring,” says Vakaris Noreika, cybersecurity expert at NordStellar. “However, there has been an upward trajectory the whole year. Ransomware actors are growing increasingly aggressive — given the surge in 2025, the number of ransomware incidents in 2026 is likely to exceed 12,000.”
According to Noreika, the number of ransomware groups has also been increasing. The recorded ransomware incidents in 2025 could be traced back to 134 different groups — a 30% increase from the 103 groups linked to recorded ransomware incidents in 2024.
SMBs in the US were affected the most
Companies in the US remained the primary targets, with 3,255 recorded ransomware cases in 2025 (a 28% increase from 2,544 incidents in 2024), accounting for 64% of all cases. The US was followed by Canada with 352 cases (a 46% increase from 2024), then Germany with 270 cases (a 97% increase), the United Kingdom with 233 cases (a 2% increase), and France with 155 cases (a 46% increase).
Small and medium-sized businesses (SMBs) with up to 200 employees and revenues up to $25 million experienced the most ransomware attacks. This data aligns with th
“SMBs are attractive targets for ransomware attacks because they often lack security staff and tools and operate within limited cybersecurity budgets — all of which are essential to safeguard their systems,” says Noreika. “Smaller organizations are also more likely to rely on outdated software, have limited security monitoring, and rely on external vendors for IT support. Consequently, when attacked, they’re more likely to pay ransoms quickly to avoid business disruptions, which is why ransomware groups keep targeting them.”
The most-targeted ransomware-victim company profile in 2025
As in 2024, companies in the manufacturing industry continued to bear the brunt of ransomware attacks, with 1,156 incidents in 2025 (a 32% increase from the previous year), accounting for 19.3% of all cases (a 0.3% increase from 2024).
The manufacturing industry was followed by the IT industry, with 524 recorded cases (a 35% increase from 2024), professional, scientific, and technical services (494 incidents, a 30% increase), the construction industry (443 incidents, a 24% increase), and healthcare, with 339 attacks (a 6% decrease from 2024).
Experts from NordStellar analyzed the ransomware attacks on companies in the manufacturing industry. They found that SMBs (those with up to 200 employees and $25M in revenue) operating in the general manufacturing industry were the most targeted. They were followed by other smaller businesses operating in the machinery manufacturing sector (10% of all attacks on the manufacturing industry), and SMBs operating in the appliances, electrical, and electronics manufacturing sector, accounting for 9.9% of all ransomware attacks on the manufacturing industry.
“Cybercriminals prioritize choosing targets that offer the biggest payoff for the least amount of effort, and SMBs in the manufacturing industry fit this perfectly — they generate enough revenue to pay large ransoms but usually don’t have the capacity to implement strong security measures or fast recovery options,” says Noreika.
According to Noreika, manufacturing companies are in a difficult position — their production lines can’t stop for long periods, so even short disruptions can cause significant financial losses. Consequently, they’re pressured to do anything it takes to continue their operations — even if it means giving in to the attackers’ demands.
“Machinery and industrial equipment manufacturers were also heavily targeted — this could be the result of expanded digitalization and remote connectivity in production environments,” says Noreika. “Meanwhile, appliance and electronics manufacturers are facing a higher risk of experiencing a cyberattack due to complex supplier integration and cloud-based operations.”
According to Noreika, interconnected environments increase the likelihood of lateral compromise, which can occur through shared networks or third‑party access.
The ransomware group landscape: Qilin takes the lead
Data reveals that the ransomware group Qilin carried out the most attacks in 2025, with 1,066 cases (a 408% increase compared to 2024). It was followed closely by Akira, with 947 recorded ransomware cases (a 125% increase), then the re-emerged Cl0p leaks (594 cases, a 525% increase), the relatively new, rapidly growing ransomware threat actor Safepay (464 cases, a 775% increase), and INC ransom, with 442 recorded cases (an 83% increase compared to 2024).
“The changes in the ransomware threat actor landscape reflect how competitive the ransomware-as-a-service world has become,” says Noreika. “Groups like Qilin experienced significant growth because many affiliates joined their operations after other platforms were shut down or became less profitable. Affiliates choose which ransomware to use based on better payment structure, support, the reliability of the tools provided, or reputation of success.”
He underscores that Akira could have expanded for similar reasons. According to Noreika, the emergence of new ransomware names suggests that groups often rebrand or start fresh operations when facing law‑enforcement pressure. He notes that the activity of LockBit, one of the most active groups in 2024, witnessed a significant decline in 2025 due to successful law enforcement operations.
Incidents peak, but targets remain the same: What’s next?
According to the findings, the number of ransomware cases peaked in the last quarter of 2025, with 2,910 recorded incidents, marking a 38% increase compared to the same period in 2024 (2,102 cases) and a 49% increase from the number of incidents recorded in the July-September period of 2025 (1,954 cases).
The data from the final quarter of 2025 mirrored the findings from throughout the year — small and medium-sized manufacturers remained the primary target. For more details on the findings on ransomware cases in 2025 Q4, read here.
“The success of end-of-year attacks is concerning — this will likely motivate the ransomware groups to repeat these timing patterns at the end of 2026 as well,” says Noreika. “Businesses, especially SMBs and those operating in industries where operational downtime is unacceptable, or that handle high-value data, should be on high alert and reassess their preparedness to combat ransomware.”
To increase their resilience against ransomware attacks, Noreika advises companies to strengthen their basic security hygiene. This includes updating and patching systems and applications, using multifactor authentication, implementing password management policies, and enforcing the zero trust framework to prevent malware from spreading laterally.
“For early threat prevention and detection, intelligence is key — it enables businesses to patch critical vulnerabilities and detect indicators of compromise as soon as possible,” says Noreika. “Data leaked onto the dark web may expose credentials or sensitive details that attackers can exploit to gain unauthorized access. An early alert enables organizations to reset passwords, revoke access keys, disable compromised accounts, and support faster incident response.”
Noreika explains that having a ransomware incident-response plan is crucial for reducing the scope of damage from an attack as soon as possible. He also emphasizes the importance of having a recovery plan as well as backing up critical data to minimize operational downtime.
Disclaimer: While the total number of 9,251 ransomware attacks in 2025 is accurate, the figures presented for each category (industry, company size, and country) may be slightly higher. This is because a number of incidents were missing data needed for categorization and thus were omitted.
Sumo Logic today announced its new Snowflake Logs App and Databricks Audit App. These strategic apps provide customers with robust visibility into their data pipelines, dependable security analytics, and faster troubleshooting across two of the industry’s leading cloud data platforms.
With data volumes and associated vulnerabilities rapidly growing, security, operations, and data teams require unified, real-time insight into user activity, configuration changes, performance issues, and potential threats across their environment. These new apps expand Sumo Logic’s industry-leading coverage for Databricks and Snowflake platforms to help teams detect anomalies, investigate incidents, and monitor and optimize operations.
Snowflake Logs App
Snowflake provides a single, fully managed data platform, but our customers often lack visibility into performance, login activity, and operational health.
The Sumo Logic Snowflake Logs App enables customers to:
Analyze login and access activity to identify anomalies or potentially suspicious behavior
Optimize data pipelines and workloads with insights into long running or failing queries
Centralize log data for easier correlation across applications, cloud services, and data platforms
With real-time dashboards and alerting, teams can troubleshoot faster, improve reliability, and maximize the value of their Snowflake investment.
Databricks Audit App
Databricks offers a unified platform for data, analytics and AI. For our customers using the platform for highly sensitive workloads, visibility into user behavior and configuration changes is critical.
The Sumo Logic Databricks Audit App delivers:
Centralized visibility into user activity, job execution, access patterns, and administrative operations
Real-time detection of unauthorized access attempts, privilege escalations, and anomalous behavior
Faster incident investigations with visualizations that contextualize activity across multiple workspaces
With unified insights across Databricks audit logs, security and compliance teams can more effectively identify emerging critical threats, reduce detection time, and maintain a strong security posture.
Availability
Both the Databricks Audit App and Snowflake Logs App are now available in the Sumo Logic App Catalog.
EnGenius Private Cloud Empowers MSPs with Secure, Scalable On-Prem Network Management
Posted in Commentary with tags EnGenius on January 22, 2026 by itnerd
EnGenius Technologies has announced the release of EnGenius Private Cloud (EPC)—a fully on-premises network management platform purpose-built for Managed Service Providers (MSPs) and system integrators who require full control over their deployments without relying on public cloud infrastructure. EPC runs on any standard PC, server, or virtual machine, giving partners the ability to manage enterprise-class networks while keeping all data inside their own environment.
Why EPC Is Essential for Today’s MSPs
MSPs and system integrators need EnGenius EPC because many of their customers cannot or do not want to use public cloud platforms due to data privacy, compliance, and security concerns. Many government agencies mandate that all network management systems, logs, and user data remain strictly within their own infrastructure to meet data sovereignty, privacy, and security regulations. These policies prohibit the use of public cloud controllers, restrict external data transmission, and require full visibility and control over how information is stored, accessed, and audited. As a result, MSPs and system integrators serving government clients must deploy fully on-prem solutions like EnGenius EPC to ensure compliance, maintain operational independence, and protect sensitive information from being processed or stored outside government-controlled environments.
EPC: The Solution for Secure, Controlled Network Management
EPC solves these pain points by delivering a fully on-premises, multi-tenant management platform that keeps all data local, operates reliably even without internet, and significantly reduces long-term operational costs. As a 100% locally hosted and secure solution, EPC ensures that network management, logs, client data, and device credentials never leave the premises—giving partners complete control over customization, backups, policies, and overall performance.
EPC provides:
By combining cloud-level convenience with local, on-prem autonomy, EPC empowers MSPs to deliver premium managed services while maintaining the security, privacy, and performance their customers expect.
Key Features & Capabilities of EnGenius EPC
With EPC, EnGenius redefines what on-premises network management can achieve—delivering flexibility, privacy, and reliability that the cloud simply cannot match.
The EPC will be available for download on the EnGenius website starting in January 2026 for EnGenius customers. For additional product specifications and purchasing information, visit: EnGenius Private Cloud