UK and China establish “Cyber Dialogue”, while EU targets “high-risk” foreign tech suppliers

Posted in Commentary on January 21, 2026 by itnerd

British and Chinese security officials are seeking to establish a “Cyber Dialogue” to discuss cyberattacks amidst hacking accusations by both sides, according to Bloomberg.

The forum is supposedly designed to let security officials manage threats to each other’s national security by improving communication, allowing private discussion of deterrence measures for the first time, and avoiding and preventing escalation, according to people familiar with the matter who spoke on condition of anonymity.

The collaboration comes after China’s top diplomat Wang Yi and British National Security Adviser Jonathan Powell met in Beijing in November agreeing to “confront and resolve issues” and “further enhance regular dialogues” after British officials said a month earlier that they believed Chinese hackers had spied on UK government computer systems for over a decade, and Chinese state-backed actors had compromised its critical infrastructure.

Meanwhile, the European Commission unveiled an updated cybersecurity framework that would tighten protections for critical infrastructure by targeting “high-risk” foreign suppliers of digital equipment and services. 

The proposed legislation marks a shift from previous voluntary guidelines toward mandatory rules giving the Commission the authority to require removal of these high-risk vendors from key sectors such as telecommunications and other infrastructure essential to the EU’s economy and security. 

Although the proposal doesn’t explicitly name specific companies, officials have previously singled out concerns over equipment from Chinese technology firms like Huawei and ZTE.

The overhaul also includes a revised Cybersecurity Act designed to secure information and communications technology supply chains, streamline certification processes, and improve incident reporting and threat alerts.

The updated law would also empower the EU Agency for Cybersecurity (ENISA) to issue early warnings and support collaboration with Europol and national response teams.

Michael Bell, Founder & CEO, Suzu Labs had this comment:

“The Cyber Dialogue is a pragmatic move, not a naive one.

   “In March 2024, the UK publicly accused China of breaching the Electoral Commission and targeting parliamentarians’ email accounts. They sanctioned individuals linked to APT31. They summoned China’s ambassador. Beijing called the accusations “fabricated and malicious slanders.”

   “Eight months later, Wang Yi and Jonathan Powell met in Beijing and agreed to establish a Cyber Dialogue. That looks like whiplash, but there’s logic to it.

   “Cyber operations exist in a gray zone. They’re not acts of war, but they’re not peacetime activity either. Without communication channels, an incident response could be misread as aggression. Escalation becomes more likely when neither side understands the other’s red lines.

   “There’s precedent. In 2015, Obama and Xi established a cyber agreement with hotlines and joint dialogue mechanisms. US officials reported a drop in certain Chinese intrusions afterward. It wasn’t perfect. The US later accused China of violations. But it created a framework for managing the problem.

   “The UK is trying something similar. They’re not pretending the threat doesn’t exist. They publicly attributed attacks, imposed sanctions, and issued warnings about Volt Typhoon pre-positioning in critical infrastructure. Now they’re opening a channel to discuss deterrence and prevent miscalculation.

   “Whether it works depends on whether both sides actually use it. The 2015 US-China agreement produced results until it didn’t. The UK-China dialogue could follow the same trajectory. But having the channel is better than not having it.

   “The alternative, pure confrontation without communication, creates its own risks. In cyberspace, those risks are harder to see until they materialize.

   “In regards to the EU targeting “high-risk” tech suppliers, honestly, it sounds like Brussels ran out of patience.

   “The 5G Security Toolbox has been voluntary guidance since January 2020. It recommended that member states assess high-risk vendors and impose restrictions where necessary. Six years later, only 10 of 27 member states actually did anything meaningful about Huawei and ZTE. The patchwork approach created exactly the security gaps the Toolbox was supposed to prevent.

   “The new legislation fixes that by making removal mandatory. High-risk suppliers must be phased out within three years of the law taking effect. The scope expands beyond mobile networks to fixed and satellite infrastructure across 18 critical sectors: water, electricity, cloud services, semiconductors, medical devices.

   “The Commission will conduct EU-wide risk assessments based on country of origin and national security implications. ENISA gets real authority: early threat alerts, centralized incident reporting, coordination with Europol. A formal catalogue of high-risk suppliers will follow via implementing act. Huawei and ZTE are expected to be on it.

   “This is expensive. Germany alone faces an estimated €2.5 billion to replace Huawei equipment across Deutsche Telekom, Vodafone, and Telefónica. EU-wide, operators are looking at roughly €3 billion annually in higher infrastructure costs. That’s not a rounding error. It’s why voluntary guidelines failed. Member states and operators kept finding reasons to delay.

   “The legislation removes the option to delay. It’s regulatory coercion, and it’s probably necessary. Security through voluntary compliance only works when everyone complies. When half the member states ignore the guidance, you get exploitable gaps.

   “For enterprises operating in the EU, this means vendor audits, procurement changes, and certification requirements through ENISA. The three-year timeline sounds manageable until you account for supply chain constraints and the reality that everyone will be competing for the same alternative equipment.

   “Both approaches respond to the same underlying reality: Chinese state-affiliated actors have demonstrated capability and intent to compromise Western infrastructure. The UK and EU are choosing different tools to manage that risk.

   “The UK is betting that communication reduces the chance of catastrophic miscalculation. The EU is betting that removing the attack surface is more reliable than trusting dialogue.

   “Neither approach is wrong. They’re addressing different aspects of the same problem. The UK approach manages the state-to-state relationship. The EU approach manages the technical supply chain risk.

   “For enterprises, the implication is clear: you can’t rely on a single approach. You need security architecture that accounts for both diplomatic uncertainty and regulatory mandates. The technology landscape is fragmenting, and your vendor strategy needs to fragment with it.”

John Carberry, Solution Sleuth, Xcape, Inc. follows with this comment:

   “The UK-China cyber dialogue signals a shared understanding that unchecked cyber tensions pose serious escalation risks for global powers. Creating forums for discussing deterrence and intentions could minimize miscalculations, even if persistent accusations of espionage between the two nations remain unresolved.

   “Concurrently, Europe’s implementation of mandatory restrictions on “high-risk” suppliers demonstrates that dialogue doesn’t automatically equate to trust. The EU’s framework signifies a stricter stance on supply-chain security, transitioning from voluntary recommendations to legally binding regulations with tangible economic impacts. This shift from voluntary guidelines to mandatory exclusions for companies like Huawei and ZTE suggests that while the UK pursues dialogue, the wider Western approach is leaning towards complete technological decoupling.

   “ENISA’s augmented responsibilities for early warnings, incident reporting, and cross-border responses further underscore Europe’s focus on cybersecurity as a matter of technological sovereignty rather than mere IT best practices. By granting ENISA and Europol enhanced early-warning capabilities, the EU is fortifying itself against the very state-sponsored actors the UK is now engaging with diplomatically.

   “Collectively, these trends illustrate a two-pronged strategy: diplomatic efforts to influence state conduct, combined with structural defenses to mitigate systemic vulnerabilities. Cybersecurity policy is increasingly serving as both a diplomatic instrument and a component of industrial strategy.

   “You can’t build a bridge of trust with diplomacy while simultaneously bricking up the windows to keep the “partners” out of the house.”

Trust isn’t built overnight, which I suspect means that any real results from this will take a while to materialize. That is fine as long as everyone sticks to it.

Liquibase Accelerates in FY25 as New ARR Rises More Than 85 Percent

Posted in Commentary on January 21, 2026 by itnerd

Liquibase today announced fiscal year 2025 momentum driven by accelerating new customer demand, record Liquibase Community adoption, and continued operating discipline.

Late 2025 outages across major internet services were a reminder that change can cascade at scale into widespread disruption. As AI pushes more automation downstream, database changes increasingly require enforcement before production and evidence after release.

Database Change Governance is the enforcement and evidence layer for database change. It prevents risky changes from reaching production and produces proof of what ran, where, and when after release, so teams can ship faster without sacrificing control. Without it, a breaking schema change can ripple across applications, data products, and automated workflows.

FY25 momentum highlights

  1. New ARR increased more than 85 percent year over year
  2. Liquibase Community surpassed 15 million downloads in 2025
  3. Liquibase launched Liquibase Secure and Liquibase 5.0 in FY25
  4. Operating efficiency improved dramatically over the last few years, strengthening operating leverage and execution discipline.
  5. Liquibase Secure won the 2025 DevOps Dozen Award for Best DevOps for DataOps and Database Solution
  6. Liquibase was also named a finalist in three DevOps Dozen categories: DevSecOps, Database DevOps, and Mainframe Modernization
  7. Expanded platform partnerships with Databricks and MongoDB to bring governed database change to modern data platforms and AI driven applications.

Liquibase also expanded its ecosystem partnerships to meet teams where database change is happening, inside modern data platforms and AI driven applications. In 2025, Liquibase partnered with Databricks to bring modern change management to the lakehouse and announced a strategic technology integration with MongoDB to bring governance to AI driven database changes.

Governance customers use in real delivery workflows

Liquibase Secure helps teams ship database change with guardrails and proof. Teams use Policy Checks to enforce policies before changes reach production, and Reports to generate audit ready evidence of what was applied, where, and when. Together, these governance capabilities integrate into automated deployments, reducing late stage surprises and making releases more predictable.

Customer feedback reinforces this. As one TrustRadius reviewer, a Senior Configuration Management Advisor, put it: “Liquibase fixes a problem everyone has but doesn’t know there’s an answer for.”

Industry recognition

Liquibase Secure was named the winner of the 2025 DevOps Dozen Award for Best DevOps for DataOps and Database Solution.

Leadership additions to scale the next phase

Liquibase strengthened its leadership team in FY25 to support product velocity, enterprise execution, and international growth.

  1. David De Paula, VP International Sales, former VP Sales, EMEA and APAC at CloudBees
  2. Mike Runco, VP Sales, North America, former VP of Sales at UnifyApps
  3. Ryan McCurdy, VP of Marketing, former SVP of Marketing at Astronomer
  4. Steve Surace, VP of Engineering, former VP of Engineering at Datto

Arcitecta to Showcase its Advanced Research Data Management Platform at Supercomputing Asia 2026

Posted in Commentary on January 21, 2026 by itnerd

Arcitecta today announced that it will demonstrate its advanced Mediaflux® research data management platform in booth #14 at Supercomputing Asia 2026, January 26-29, at the Osaka International Convention Center in Japan. The conference will be held in conjunction with HPC Asia 2026 (SCA/HPCAsia 2026).

Arcitecta is returning to Supercomputing Asia 2026 to share its vision for elegant, intelligent research data management. At a time when data is growing in volume, complexity, and value, Arcitecta’s Mediaflux platform brings balance to the research ecosystem, connecting people, instruments, storage and compute into a unified, metadata-rich environment. Built for HPC-scale workloads and diverse, data-intensive disciplines, Mediaflux transforms data into a living, dynamic resource that accelerates discovery.

Birds of a Feather Session: Managing and Sharing Large Scientific Data Sets

Arcitecta’s Global Business Development Lead, Robert Mollard, will join other distinguished panelists in an informative session to discuss the complexities of sharing large amounts of collected scientific data and to explore sharing techniques, models and software tools that address this challenge. Attendees will gain an understanding of contemporary practices and actionable methods for improving collaboration between research organizations with large data stores used for analysis and with HPC workflows and software.

Topic: Managing and Sharing Large Scientific Data Sets

Date and Time: Thursday, January 29, 2026, 11:30 am – 12:30 pm

Location: 12F Conference Hall of the Osaka International Convention Center

Panelists:

  • Robert Mollard, Arcitecta – Global Business Development Lead
  • Bronis R. de Supinski, CTO for Livermore Computing (LC) at Lawrence Livermore National Laboratory (LLNL)
  • Michael Hennecke, Distinguished Technologist at HPE – DAOS Systems/Software Engineering
  • Chris Maestas, IBM – CTO for Data and AI Storage Solutions
  • Matt Starr, Spectra Logic – CTO, VP APJ Sales, and VP Federal Sales
  • Thomas Metzger, Americas HPC Technical and Business Director at Intel Corporation
  • Werner Scholz, Xenon Systems – CTO and Head of R&D
  • CJ Newburn, NVIDIA Architect – IO and HPC Software Strategy
  • Jake Carroll, Director, Research Computing Centre – University of Queensland

The New Digital Preservation

Long-term data retention was once treated as a niche concern, limited to archives and specialized domains. Today, research data is routinely retained for decades, often by default rather than by design. This shift is reshaping how institutions think about storage, lifecycle management, cost, and sustainability.

Digital preservation is no longer a “future” problem; it is a challenge that organizations must begin addressing now. Mediaflux delivers intelligent, policy-driven data placement across the entire storage hierarchy, from high-performance hot tiers to economical long-term archives.

Cerabyte, the pioneer of ceramic-based data storage solutions, will join Arcitecta in booth #14 to jointly demonstrate how the two companies address the need for data management in conjunction with long-term retention, enabling data storage that is easily accessible, permanent, sustainable and energy-efficient.

To schedule a meeting with the Arcitecta team at SCA/HPCAsia 2026, visit: https://www.arcitecta.com/events/2026/sca/chat/

Cloover secures $1.2 billion financing commitment to build the AI operating system for energy independence

Posted in Commentary on January 21, 2026 by itnerd

The globe is racing to secure its energy future as electricity demand rises, grids come under pressure, and households face growing uncertainty over costs and supply. At the same time, demand for decentralized energy solutions like solar, batteries, heat pumps, and EV charging is surging. The missing piece has been infrastructure that can deliver these systems at scale. Cloover was built to solve this gap by creating the operating system for energy independence – and today the company has announced a landmark financing commitment to accelerate the rollout of residential energy independence.

Cloover has secured $22 million in Series A equity financing alongside a $1.2 billion debt facility, bringing total capital commitments to $1.222 billion. The equity round was led by MMC Ventures and QED Investors, with participation from Lowercarbon Capital, BNVT Capital, Bosch Ventures, Centrotec, and Earthshot Ventures. The debt facility was provided by a leading European bank to fund customer and installer financing on the platform. Cloover also benefits from a €300 million guarantee from the European Investment Fund, which underpins its financing programs and enables scalable, low-cost capital for the energy transition. In total, Cloover has now raised more than $30 million in equity financing and secured over $1.3 billion in debt.

The scale of this commitment reflects the urgency of the problem Cloover is addressing. Europe’s energy transition depends on hundreds of thousands of small and mid-sized installers, yet most operate with fragmented software, manual workflows, and limited access to capital. Traditional banks are ill-equipped to finance residential energy assets at speed and granularity, creating delays that stall installations and price many households out of clean energy. Cloover takes a fundamentally different approach by embedding financing directly into installer workflows and pairing it with an end-to-end software platform built specifically for decentralized energy.

At the heart of this innovation is AI-powered credit underwriting, which evaluates long-term energy savings rather than traditional credit metrics alone. Cloover also pre-finances public subsidies, allowing consumers to benefit immediately from state incentives. For institutional investors, Cloover opens the door to a new impact-aligned infrastructure asset class, backed by real performance data, climate impact tracking, and full transparency across the value chain.

Cloover is building the digital nervous system of the distributed energy economy. Its AI-powered platform integrates workflow management, financing, procurement, and energy optimization into one seamless operating system. It automates complex workflows, detects risks early, and empowers data-driven decisions from the first customer leading to long-term energy-management through Cloover’s EMS and dynamic tariffs. Further, Cloover’s AI Finance co-pilot helps SME installers solve capital flow challenges along the whole value chain and improve liquidity to enable faster growth. By replacing disconnected tools and slow financing processes with one integrated system, Cloover enables installers to close more projects, move faster, and serve a broader customer base.

Installers using Cloover offer financing at the point of sale, increasing conversion rates and unlocking new market segments. Automated workflows reduce administrative burden and improve throughput, while access to capital shortens cash cycles. On average, installer partners generate 30 percent incremental revenue through Cloover by reaching customers they previously could not serve. Homeowners benefit from access to decentralized energy without large upfront investments and see between 20 and 30 percent savings on energy costs through optimized system performance and financing.

By connecting manufacturers, installers, households, and investors in a unified ecosystem, Cloover ensures energy projects scale efficiently, transparently, and collaboratively – mirroring the way software unlocked scale for e-commerce two decades ago.

Cloover was founded after the team conducted extensive research with hundreds of energy installers across Europe and saw the same pattern repeat across markets. Demand for decentralized energy was accelerating, but the industry lacked the infrastructure to support mass adoption. Financing emerged as the most decisive bottleneck. While other sectors such as automotive benefit from thousands of specialized lenders, residential energy assets have only a handful. Cloover was created to close this gap by combining financing with modern software infrastructure and building a platform that supports installers rather than competing with them.

Cloover grew revenues more than 8x in 2025 while remaining profitable, approaching $100 million in sales. The company is projecting $500 million in 2026 and $1 billion in 2027, underscoring the explosive demand for distributed energy solutions.

The company’s growth is driven by powerful market forces. Rising energy demand driven by AI, grid instability, and the expansion of electric mobility are increasing pressure on existing systems. Governments are accelerating policy support for decentralized energy, while households are seeking greater control over their energy costs and supply. These trends are converging to create one of the largest infrastructure opportunities of the coming decade.

With the new capital, Cloover will expand into additional European markets, where it is considering France, Italy, the UK, and Austria, and deepen its platform with further AI-driven workflow automation and financing products. For now, the team’s long-term vision is for Cloover to become the global platform powering decentralized energy, connecting manufacturers, installers, investors, and households through a single operating system designed to deliver affordable and independent energy at scale.

ServiceNow and OpenAI collaborate to deepen and accelerate enterprise AI outcomes

Posted in Commentary on January 21, 2026 by itnerd

ServiceNow and OpenAI today announced an enhanced strategic collaboration to power agentic AI experiences and accelerate enterprise AI outcomes. The agreement unlocks a deep collaboration between OpenAI technical advisors and ServiceNow engineers that will be equipped with its frontier models, which will give customers direct access to frontier capabilities, custom ServiceNow AI solutions built and aligned to their unique roadmaps, and increased speed and scale with no bespoke development required. ServiceNow will build direct speech-to-speech technology using OpenAI models to break through language barriers and offer more natural interactions. With the latest OpenAI models including GPT-5.2, ServiceNow will unlock a new class of AI-powered automation for the world’s largest companies.

Co-innovation that drives faster, easier customer adoption

As AI model releases accelerate, large enterprises need help keeping their workflows aligned with the latest innovations. Bringing OpenAI models into the ServiceNow AI Platform complements a customer’s ServiceNow configuration management database (CMDB) while also offering native, embedded access to intelligence to further inform actions that will be taken within workflows. ServiceNow’s AI Control Tower then provides the governance and orchestration layer, giving organizations centralized visibility into how models are applied across workflows, how they interact with enterprise data and systems, and how AI-driven actions are executed at scale in a controlled, auditable way. For example:

  • Real-time speech-to-speech voice agents: With OpenAI, ServiceNow is working toward real-time speech-to-speech AI agents that can listen, reason, and respond naturally without text intermediation. For example, a user can speak in their preferred language and receive an instant response from an AI agent that opens a case, triggers an approval, and orchestrates next steps without translation delay — reducing latency, preserving meaning, and eliminating unnecessary handoffs.
  • Supercharging automation: Computer-use models from OpenAI unlock a new class of IT automation for ServiceNow customers by enabling interactions with systems. By turning unstructured documents into actionable data, this capability extends secure, context-aware automation across more environments — enabling autonomous orchestration of workplace tools like email and chat, automation of legacy systems including mainframes, and greater efficiency across complex IT landscapes.

Delivering AI impact on a foundation of proven success

This agreement builds on the long-standing efforts of ServiceNow to offer customers the choice of accessing OpenAI models for:

  • AI assistance that lets employees ask questions in natural language and get clear, actionable answers through speech-to-text capabilities.
  • AI-powered summarization and content generation for incidents, cases, knowledge articles, and service interactions — helping teams resolve issues faster with less manual effort.
  • Developer and admin tools that turn intent into workflows, logic, and automation, dramatically speeding how business processes are built and updated.
  • Intelligent search and discovery that pulls the right information from across enterprise systems exactly when it’s needed.

ServiceNow powers more than 80 billion workflows every year. Together with OpenAI, the company is bringing customers innovative new capabilities that enable even more advanced automation and workflows across industries and across use cases.

Guest Post: 2025 saw a 45% increase in ransomware attacks

Posted in Commentary on January 21, 2026 by itnerd

Ransomware attacks soared in 2025, with 9,251 recorded cases compared to 6,395 cases in 2024

The latest findings from NordStellar, a threat exposure management platform, reveal that the number of ransomware incidents in 2025 soared compared to 2024. The data shows that in 2025, 9,251 ransomware cases were recorded on the dark web, marking a significant 45% increase compared to 6,395 cases recorded in 2024.

The number of ransomware cases rose significantly in the last quarter of 2025. December set a two‑year record, with a substantial 1,004 recorded incidents.

“In the last quarter of 2025, ransomware groups deliberately exploited end-of-year cybersecurity gaps caused by reduced staffing and monitoring,” says Vakaris Noreika, cybersecurity expert at NordStellar. “However, there has been an upward trajectory the whole year. Ransomware actors are growing increasingly aggressive — given the surge in 2025, the number of ransomware incidents in 2026 is likely to exceed 12,000.”

According to Noreika, the number of ransomware groups has also been increasing. The recorded ransomware incidents in 2025 could be traced back to 134 different groups — a 30% increase from the 103 groups linked to recorded ransomware incidents in 2024.

SMBs in the US were affected the most

Companies in the US remained the primary targets, with 3,255 recorded ransomware cases in 2025 (a 28% increase from 2,544 incidents in 2024), accounting for 64% of all cases. The US was followed by Canada with 352 cases (a 46% increase from 2024), then Germany with 270 cases (a 97% increase), the United Kingdom with 233 cases (a 2% increase), and France with 155 cases (a 46% increase).

Small and medium-sized businesses (SMBs) with up to 200 employees and revenues up to $25 million experienced the most ransomware attacks. This data aligns with th

“SMBs are attractive targets for ransomware attacks because they often lack security staff and tools and operate within limited cybersecurity budgets — all of which are essential to safeguard their systems,” says Noreika. “Smaller organizations are also more likely to rely on outdated software, have limited security monitoring, and rely on external vendors for IT support. Consequently, when attacked, they’re more likely to pay ransoms quickly to avoid business disruptions, which is why ransomware groups keep targeting them.”

The most-targeted ransomware-victim company profile in 2025

As in 2024, companies in the manufacturing industry continued to bear the brunt of ransomware attacks, with 1,156 incidents in 2025 (a 32% increase from the previous year), accounting for 19.3% of all cases (a 0.3% increase from 2024). 

The manufacturing industry was followed by the IT industry, with 524 recorded cases (a 35% increase from 2024), professional, scientific, and technical services (494 incidents, a 30% increase), the construction industry (443 incidents, a 24% increase), and healthcare, with 339 attacks (a 6% decrease from 2024).

Experts from NordStellar analyzed the ransomware attacks on companies in the manufacturing industry. They found that SMBs (those with up to 200 employees and $25M in revenue) operating in the general manufacturing industry were the most targeted. They were followed by other smaller businesses operating in the machinery manufacturing sector (10% of all attacks on the manufacturing industry), and SMBs operating in the appliances, electrical, and electronics manufacturing sector, accounting for 9.9% of all ransomware attacks on the manufacturing industry.

“Cybercriminals prioritize choosing targets that offer the biggest payoff for the least amount of effort, and SMBs in the manufacturing industry fit this perfectly — they generate enough revenue to pay large ransoms but usually don’t have the capacity to implement strong security measures or fast recovery options,” says Noreika.

According to Noreika, manufacturing companies are in a difficult position — their production lines can’t stop for long periods, so even short disruptions can cause significant financial losses. Consequently, they’re pressured to do anything it takes to continue their operations — even if it means giving in to the attackers’ demands.

“Machinery and industrial equipment manufacturers were also heavily targeted — this could be the result of expanded digitalization and remote connectivity in production environments,” says Noreika. “Meanwhile, appliance and electronics manufacturers are facing a higher risk of experiencing a cyberattack due to complex supplier integration and cloud-based operations.”

According to Noreika, interconnected environments increase the likelihood of lateral compromise, which can occur through shared networks or third‑party access.

The ransomware group landscape: Qilin takes the lead

Data reveals that the ransomware group Qilin carried out the most attacks in 2025, with 1,066 cases (a 408% increase compared to 2024). It was followed closely by Akira, with 947 recorded ransomware cases (a 125% increase), then the re-emerged Cl0p leaks (594 cases, a 525% increase), the relatively new, rapidly growing ransomware threat actor Safepay (464 cases, a 775% increase), and INC ransom, with 442 recorded cases (an 83% increase compared to 2024).

“The changes in the ransomware threat actor landscape reflect how competitive the ransomware-as-a-service world has become,” says Noreika. “Groups like Qilin experienced significant growth because many affiliates joined their operations after other platforms were shut down or became less profitable. Affiliates choose which ransomware to use based on better payment structure, support, the reliability of the tools provided, or reputation of success.”

He underscores that Akira could have expanded for similar reasons. According to Noreika, the emergence of new ransomware names suggests that groups often rebrand or start fresh operations when facing law‑enforcement pressure. He notes that the activity of LockBit, one of the most active groups in 2024, witnessed a significant decline in 2025 due to successful law enforcement operations. 

Incidents peak, but targets remain the same: What’s next?

According to the findings, the number of ransomware cases peaked in the last quarter of 2025, with 2,910 recorded incidents, marking a 38% increase compared to the same period in 2024 (2,102 cases) and a 49% increase from the number of incidents recorded in the July-September period of 2025 (1,954 cases).

The data from the final quarter of 2025 mirrored the findings from throughout the year — small and medium-sized manufacturers remained the primary target. For more details on the findings on ransomware cases in 2025 Q4, read here.

“The success of end-of-year attacks is concerning — this will likely motivate the ransomware groups to repeat these timing patterns at the end of 2026 as well,” says Noreika. “Businesses, especially SMBs and those operating in industries where operational downtime is unacceptable, or that handle high-value data, should be on high alert and reassess their preparedness to combat ransomware.”

To increase their resilience against ransomware attacks, Noreika advises companies to strengthen their basic security hygiene. This includes updating and patching systems and applications, using multifactor authentication, implementing password management policies, and enforcing the zero trust framework to prevent malware from spreading laterally.

“For early threat prevention and detection, intelligence is key — it enables businesses to patch critical vulnerabilities and detect indicators of compromise as soon as possible,” says Noreika. “Data leaked onto the dark web may expose credentials or sensitive details that attackers can exploit to gain unauthorized access. An early alert enables organizations to reset passwords, revoke access keys, disable compromised accounts, and support faster incident response.”

Noreika explains that having a ransomware incident-response plan is crucial for reducing the scope of damage from an attack as soon as possible. He also emphasizes the importance of having a recovery plan as well as backing up critical data to minimize operational downtime.

Disclaimer: While the total number of 9,251 ransomware attacks in 2025 is accurate, the figures presented for each category (industry, company size, and country) may be slightly higher. This is because a number of incidents were missing data needed for categorization and thus were omitted.

Sumo Logic strengthens cloud data security and data pipeline visibility with new Snowflake and Databricks integrations

Posted in Commentary on January 21, 2026 by itnerd

Sumo Logic today announced its new Snowflake Logs App and Databricks Audit App. These strategic apps provide customers with robust visibility into their data pipelines, dependable security analytics, and faster troubleshooting across two of the industry’s leading cloud data platforms.

With data volumes and associated vulnerabilities rapidly growing, security, operations, and data teams require unified, real-time insight into user activity, configuration changes, performance issues, and potential threats across their environment. These new apps expand Sumo Logic’s industry-leading coverage for Databricks and Snowflake platforms to help teams detect anomalies, investigate incidents, and monitor and optimize operations.

Snowflake Logs App

Snowflake provides a single, fully managed data platform, but our customers often lack visibility into performance, login activity, and operational health.

The Sumo Logic Snowflake Logs App enables customers to:

  • Analyze login and access activity to identify anomalies or potentially suspicious behavior
  • Optimize data pipelines and workloads with insights into long running or failing queries
  • Centralize log data for easier correlation across applications, cloud services, and data platforms

With real-time dashboards and alerting, teams can troubleshoot faster, improve reliability, and maximize the value of their Snowflake investment.

Databricks Audit App

Databricks offers a unified platform for data, analytics and AI. For our customers using the platform for highly sensitive workloads, visibility into user behavior and configuration changes is critical.

The Sumo Logic Databricks Audit App delivers:

  • Centralized visibility into user activity, job execution, access patterns, and administrative operations
  • Real-time detection of unauthorized access attempts, privilege escalations, and anomalous behavior
  • Faster incident investigations with visualizations that contextualize activity across multiple workspaces

With unified insights across Databricks audit logs, security and compliance teams can more effectively identify emerging critical threats, reduce detection time, and maintain a strong security posture.

Availability

Both the Databricks Audit App and Snowflake Logs App are now available in the Sumo Logic App Catalog.

Black Kite’s 2026 Wholesale & Retail Report Reveals Over 70% of Major Retailers, Nearly 60% of Wholesalers, and 52% of the Supply Chain Have Exposed Credentials

Posted in Commentary on January 21, 2026 by itnerd

Black Kite today announced the release of its 2026 Wholesale & Retail Report: Cyber Exposure in the Age of Digital Supply Chain Attacks, which delves into the cyber risk for retail and wholesale companies that rely on many of the same essential vendors, including IT service providers, software platforms, and financial services. The report found a significant overlap in threat actors actively targeting these two sectors, confirming that they see wholesale and retail not as separate markets but rather as one large, interconnected system of targets.

The interconnectedness between wholesale and retail is aggressively exploited by threat actors that view the landscape as a single, lucrative target likely to pay out to minimize supply chain disruption. Additionally, with attackers seeing wholesale and retail as one target, they have developed universal attack tools and malware, such as Stealer Logs and MFT exploits, capable of working across both. Their goal is simply to find the easiest entry point into the system, regardless of which sector that entry point belongs to. For defenders, this tactic means their defense strategies must be unified. For instance, a successful breach into a wholesaler can create an easy entry point leveraged by the same group to be used against a major retailer that uses that particular wholesaler.

One of the report’s most critical findings is the widespread presence of compromised credentials, meaning that initial access has already been granted to a majority of the industry. In fact, over 70% of major retailers, nearly 60% of wholesalers, and 52% of the supply chain have exposed credentials.

Additional key findings include:

  • 17% of retail ransomware victims had revenue over $1B, demonstrating that threat actors prioritize ‘big game hunting’ in the retail sector – a specific target for high-value extortion.
  • 39% of wholesale ransomware victims had revenue in the mid-market range of $20M–$100M as attackers play a ‘volume game’ on smaller enterprises.
  • 42% of critical supply chain vendors are exposed to at least one vulnerability from the CISA Known Exploited Vulnerabilities (KEV) Catalog, listing flaws currently under active attack.
  • 2 vendor categories – Professional & Technical Services (793) and Information (705) – totaling 1,498 companies, dominate the supply chain, outnumbering physical categories by a significant margin.

The report’s findings are conclusive. The shared supply chain is the new threat, and credential theft is the dominant access vector. In order to protect themselves, wholesalers, retailers and their vendors must urgently prioritize patching the specific vulnerabilities listed in the CISA KEV catalog, particularly those granting Remote Code Execution (RCE), which are the exact flaws active ransomware groups are weaponizing today.

Black Kite’s report empowers cybersecurity leaders and business executives to understand today’s emerging threats and learn how to proactively manage their third-party cyber risk to protect their organizations from supply chain disruptions.

To read the report, visit https://content.blackkite.com/ebook/wholesale-retail-tprm-report-2026/.

ServiceNow enhances global Partner Program

Posted in Commentary on January 20, 2026 by itnerd

ServiceNow today announced significant enhancements to its global Partner Program to accelerate AI agent innovation. This includes a newly reimagined Build Program that opens ServiceNow’s partner ecosystem to more innovators and strengthens the ServiceNow Store as a global marketplace for partner-built AI agents. The program will enable a broader set of ISVs, developers, and technology partners to build, test, certify, and distribute solutions on the ServiceNow AI Platform, with more than 1,000 partners — including AutomatePro, SailPoint, and others — transitioning to the revamped program. ServiceNow also introduced a unified investment portfolio and simplified pricing model designed to fuel partner-led growth, making it seamless for partners to innovate, differentiate, and monetize on the ServiceNow AI Platform.

ServiceNow’s partner ecosystem continues to expand in scale and impact with more than 2,700 partners globally. As customers shift from AI experimentation to AI at scale, partners play an increasingly critical role in delivering specialized use cases, speeding deployment, and driving measurable business outcomes. An expanded and open partner ecosystem positions ServiceNow to meet growing enterprise demand for AI agents, generative automation, and industry-specific workflow innovation; these updates equip ServiceNow partners with the programs, investments, and platform capabilities they need to lead this next wave of AI-powered transformation.

Reimagined Build Program opens ServiceNow’s partner ecosystem to more innovators

ServiceNow’s redesigned Build Program makes it significantly easier for ISV, developer, and technology partners to get started, explore new ideas, and differentiate their offerings as they bring new solutions to market. This will accelerate a wave of partner-built AI agents, applications, and connectors that will extend the value of ServiceNow for customers.

The program’s modernized tier structure — Registered, Select, Premier, and Elite — introduces stronger program benefits and fresh opportunities for partners to showcase their AI solutions in the ServiceNow Store, a global marketplace for enterprise-ready AI agents. A new Access Tier also invites aspiring and entry-stage partners to start building immediately with ServiceNow, giving them instant access to tools and resources without needing to fully enroll first.

More than 1,000 existing partners will transition into the redesigned Build Program by March, establishing a unified, fast-growing pipeline of innovators building AI-powered solutions on the ServiceNow AI Platform.

Expanded investment portfolio strengthens support across the entire partner lifecycle

ServiceNow is supercharging its partner ecosystem with a unified investment strategy for 2026, designed to spark growth, fuel innovation, and help partners win faster, together. The expanded partner investment portfolio provides meaningful support at every phase of the journey — from building demand to closing deals to driving successful deployments — achieved through an increased investment in incentives, rewards, and co-marketing programs.

Key components include:

  • Market Development Fund (MDF): New funding opportunities and 100% reimbursement for select activities, enabling eligible partners to build demand and generate pipeline.
  • Strategic Investment Fund (SIF): Targeted funding to accelerate high-impact customer opportunities and unlock faster outcomes.
  • Sell-through, deployment, and specialization incentives: Rewards that recognize partners for driving customer value and deepening technical expertise across the ServiceNow AI Platform.

Each program element is aligned with the updated ServiceNow partner tiers, ensuring partners gain access to the right support at the right time, and that their benefits scale as their success grows.

To further simplify partner engagement and remove friction as the partner ecosystem grows, ServiceNow is also introducing a streamlined fee structure. Beginning immediately, all global partners will move to a streamlined single annual membership fee. This change reflects direct partner feedback and is designed to create a simpler, more equitable structure that allows partners to focus on building, innovating, and going to market, rather than navigating complex program fees.

With fewer barriers to entry and clearer paths to value, partners appreciate the ability to more easily build differentiated AI-powered solutions, reach customers through the ServiceNow Store, and deploy their solutions on the ServiceNow AI Platform.

For more information on the ServiceNow Partner Program visit servicenow.com/partners.

Guest Post: AI’s dual edge, supply chain peril, and passkeys vs. passwords

Posted in Commentary on January 20, 2026 by itnerd

What will the cybersecurity landscape look like in 2026 and beyond?

As we enter 2026, the cybersecurity battleground continues to shift, presenting internet users and organizations with a mix of threats and challenges. Karolis Arbaciauskas, head of product at the cybersecurity company NordPass, offers his expert outlook for the year ahead.

“Artificial intelligence will sharpen the tools of both attackers and defenders, while the integrity of global supply chains will face increasing scrutiny,” says Arbaciauskas.

According to Arbaciauskas, the cybersecurity landscape is generally poised for a period of evolution, characterized by both technological advancements (including AI) and persistent, fundamental vulnerabilities.

Here are Arbaciauskas’ key cybersecurity predictions for 2026:

AI integration — Smarter and more widespread

The integration of artificial intelligence (AI) capabilities by both threat actors (red teams) and defensive security practitioners (blue teams) will continue. On the offensive side, AI will be predominantly leveraged to enhance reconnaissance operations, enabling higher-fidelity data collection and intelligence gathering. The cybersecurity community is also starting to worry that threat actors might soon figure out a way to use AI for automated vulnerability discovery and start scanning networks and applications for flaws and misconfigurations.

Supply chain attacks will increase

In the enterprise field, supply chain attacks might become an even bigger problem than they are now. The trend is emerging — mature organizations increasingly strengthen their cybersecurity, so for bad actors it is becoming easier to penetrate companies through vendors.

I would advocate prioritizing investment in resilience against this attack vector. More attention should be paid to the technical part of vendor assessment and the final agreement. Prior to onboarding any third-party service provider, organizations should implement comprehensive vendor risk assessment protocols. This evaluation should include verification of SOC Type 2, ISO 27001, penetration testing outcomes, and documented security practices.

Negligence – One of the biggest challenges ahead

The most significant challenges that private users and organizations will face this year will stem from common security deficiencies rather than novel attack methodologies. The threat landscape will remain substantially shaped by threats caused by our own negligence, such as infrastructure and application misconfigurations, insufficient digital hygiene, weak credential management, password reuse, and lack of MFA.

For businesses, an underaddressed risk may come from malicious actors inside the company. Rogue employees or privileged administrators possess authorized access enabling them to bypass security controls. And they often maintain that access even after leaving the company. It is worrying that, according to a survey commissioned by PasswordManager.com last year, about 40% of workers used passwords from a former employer after leaving the company.

Moreover, the threat extends beyond disgruntled or laid-off employees with a vendetta. Last year, media outlets reported on multiple instances of foreign state-linked operatives digitally infiltrating Western companies. Consequently, organizations should dedicate more attention and resources to mitigating these sophisticated threats.

The great corporate migration to browsers

As more and more companies indicate that browsers are the main workspace, where their employees spend most of their time, we will see more security-focused extensions and browsers, including new enterprise browsers and tools.

Passwords will remain the first line of defense

Together with industry researchers we have been studying password-related behavior and data leaked to the dark web for 7 years now, and unfortunately, we see no significant improvement in digital hygiene globally. At least for now, it looks like passwords will remain the first line of defense against digital intruders and one of the weakest links in the security chain at the same time. Credentials will remain the predominant initial access vector enabling cyber incidents.

Passkey adoption will increase but will not overtake passwords

As advocates of passkey authentication, we initially projected more rapid and widespread adoption, given the technology’s inherent phishing-resistant properties and superior security architecture. While actual adoption rates have proven slower than anticipated, the trajectory remains consistently positive. Major platform providers like Apple, Google, and Microsoft have integrated native passkey support across their ecosystems.

Consumer-facing services such as PayPal, eBay, and Amazon are progressively implementing passkey authentication options as well. We also see more enterprise organizations that are beginning to deploy passkeys within their workforce.

However, several barriers continue to impede accelerated adoption. Consumer awareness and comprehension of passkey technology remains limited, account recovery workflows present usability challenges, and cross-platform interoperability issues persist. These factors constitute the primary obstacles to mainstream adoption. Based on current trajectory analysis, passkeys remain multiple years from achieving predominant status as a consumer authentication method.

Regulation will determine increased spending

Regulations and compliance requirements in the European Union (for example, the EU Cyber Resilience Act and NIS2) signal a broader shift toward standardized mandated cybersecurity. This will probably create some additional challenges for CISOs and stimulate an increase in general cybersecurity spending but is expected to have positive implications for overall ecosystem resilience.