Edition 13: Smarter Defenses, Stronger Partnerships, Safer Futures
From stopping zero-day phishing attacks to governing Shadow AI risks, our September edition showcases the solutions and partnerships helping organisations build resilience. Discover how our vendor ecosystem is enabling security teams to act faster, reduce risk, and stay compliant in an unpredictable cyber landscape.
In this issue:
- SecuraNova – Your security backlog is a ticking clock — why every day you wait costs more.
- LayerX – The phishing campaign that fooled Microsoft users — and how LayerX blocked it in real time.
- runZero – When a vulnerability’s risk score spikes 30% overnight, here’s how to spot it before attackers do.
- Sekoia.io – The European-built SOC platform helping critical infrastructure defend against escalating threats.
- Brandefense – Germany’s financial sector under siege: the dark web, ransomware, and 220M+ leaked records.
- Vicarius – Why pre-emptive exposure management is replacing traditional vulnerability scans.
- Security Journey – The “hidden” weaknesses just below the CWE Top 25 — and why AI-assisted coding makes them worse.
- Commugen – Shadow AI is already inside your development teams — here’s how to see it and control it.
Your security backlog isn’t shrinking on its own.
Every week it lingers, the cost of fixing it climbs — and so does the risk to your business.
SecuraNova combines AI-driven penetration testing with expert analysis to help you:
- Uncover vulnerabilities before attackers do
- Prioritise issues based on real-world risk
- Resolve threats faster, with less disruption
Because the longer you wait, the harder – and more expensive – it becomes to catch up.
A new phishing campaign is using fake ‘Microsoft verification’ and a replica Microsoft Teams download page to trick users into installing malware.
The attack works in two stages:
- A convincing CAPTCHA screen posing as Microsoft verification.
- A pixel-perfect imitation of the Teams download page, leading to a malicious file.
Why it’s effective:
- Two-step flow builds trust before delivering the payload
- Professional-grade impersonation of Microsoft branding
- Language targeting for credibility in specific regions
Why traditional security missed it:
- Brand-new domain not on blocklists
- Valid SSL for false reassurance
- No malware in the first stage for EDR/SWG to detect
How LayerX stopped it instantly: Their browser-level phishing detection engine analyses over 250 parameters to identify and block such threats in real-time – regardless of language or domain age.
Discover how LayerX can protect against zero-day phishing: https://lnkd.in/d5qzCD6X
Risk scores are always moving — but which shifts really matter?
Most days, EPSS changes are small. But when a CVE jumps (or drops) 30%+ overnight, that’s a signal you can’t afford to ignore.
That’s why runZero built EPSS Pulse — a new research tool that tracks daily volatility in exploitability scores, helping security teams cut through the noise and focus on what’s most likely to be exploited.
At Black Hat, Tod Beardsley was showcasing EPSS Pulse as part of our mission to deliver sharper, data-driven visibility for vulnerability prioritization.
With EPSS Pulse, you can:
- Spot rapidly changing CVEs
- Focus on likely-to-be-exploited threats
- Prioritize with confidence
Explore the tool: https://lnkd.in/gp-mWvfj
Read the blog: https://lnkd.in/gqGR7a_4
The demand for sovereign cyber defense solutions across Europe is rapidly increasing—particularly when it comes to protecting EU-designated critical infrastructure sectors.
SOC teams are under mounting pressure to modernise their capabilities while maintaining full control, compliance, and resilience.
Sekoia.io, a European-developed cyber defense platform, is uniquely positioned to support this mission. By aligning with the SOC-CMM framework, Sekoia.io empowers organisations to enhance operational maturity while addressing the critical priorities of European digital sovereignty.
In this article, you’ll find a strategic overview of how Sekoia.io strengthens SOC capabilities across the five core SOC-CMM domains—Business, People, Process, Technology, and Services—with a strong focus on compliance and critical infrastructure defense.
Read the full article here: https://lnkd.in/eRwR8Un3
🇩🇪 Germany’s financial sector is under cyber siege.
Phishing, ransomware, and dark web leaks are all rising rapidly.
📊 Brandefense's latest report breaks it down:
- 220M+ leaked records
- Targeted attacks on banks
- Dark web trends 2025
Read more: https://lnkd.in/dgcFVAck
Pre-emptive Exposure Management: Moving from Reactive to Proactive
Most organisations still rely on periodic scans and static lists — leaving critical gaps for attackers to exploit. Pre-emptive exposure management changes the game by delivering continuous, real-time coverage across your entire attack surface.
The approach:
• See everything – Continuous asset discovery, including shadow IT and misconfigurations
• Prioritise intelligently – Contextual risk scoring with real-time threat intelligence
• Fix fast – Automated, low-disruption remediation
• Validate continuously – Confirm exposures are closed and false positives removed
With automation, contextual intelligence, and a lifecycle of assessment through to monitoring, you reduce attack windows and measurably improve resilience.
Discover how Vicarius can help you act before threats become breaches.
Everyone's watching the CWE Top 25, but what about the weaknesses just below the surface?
Security Journey takes it a step further with their "On the Cusp" Weaknesses Insights — revealing the emerging vulnerabilities being fueled by evolving tech like AI-assisted development.
As attack surfaces shift and coding practices evolve, it’s critical for developers and security teams to understand where threats are headed next.
Get ahead of the curve. Read the blog here: https://ow.ly/BYNW50WrkkH
Shadow AI: The Hidden Risk in Your Development Teams
Generative AI tools like GitHub Copilot, ChatGPT, and CodeWhisperer are transforming software delivery — but they’re also introducing Shadow AI: AI tools used without approval, monitoring, or governance.
Operating inside IDEs and browsers, they bypass traditional cyber controls, creating blind spots in data security, compliance, and code integrity.
Key risks include:
- Insecure or vulnerable AI-generated code
- Prompt injection attacks
- GDPR, ISO 27001, and NIS2 violations
- Unintentional data exposure
- No audit trail or oversight
CISOs and CTOs need visibility, not bans. The solution is responsible enablement: discover usage, assess data sensitivity, set clear guidelines, and automate governance.
With Commugen’s AI Risk Management platform, organisations can detect unsanctioned AI tools, map risks to recognised frameworks, and enforce policies without slowing down development.
Shadow AI isn’t coming — it’s already here. The question is whether you can see it.
Read full blog here: https://www.cyber.commugen.com/post/ai-dev-tools-copilot-shadow-ai-risks-cisos-can-t-ignore
Stay Connected, Stay Ahead
Thank you for being part of the EMEA Channels community. Whether it’s enablement, market growth, or strategic collaboration — we’re here to help cybersecurity vendors turn vision into value. Until next time:
Stay connected | Stay engaged | Stay ahead