Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems.
"Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections

Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks

Scammers used Inferno Drainer to steal $43,000 in crypto from 110 CoinMarketCap users through a fake wallet prompt embedded in the site’s front-end.

A coordinated crypto theft operation targeting CoinMarketCap users has been exposed after leaked images surfaced from a Telegram channel known as TheCommsLeaks. The attack used a convincing wallet connection prompt embedded in CoinMarketCap’s own interface, tricking users into handing over access to their wallets. The result? more than $43,000 worth of crypto funds drained in hours.

According to Tammy H, a Senior Threat Intelligence Researcher and Certified Dark Web Investigator at Flare.io, a Canada-based cybercrime intelligence firm, the attack was carried out using Inferno Drainer, a known wallet-draining toolkit that’s been linked to previous campaigns.

****A Pop-Up with a Price****

The method was simple but effective. Users visiting CoinMarketCap were presented with a prompt asking them to “Verify Your Wallet” to access features. It looked identical to legitimate pop-ups seen on the platform, giving users no reason to doubt it. However, once connected, wallets were quietly emptied of whatever assets they held.

Video credit: apoorv.eth on X (Twitter)

A source cited in the leak claimed the prompt appeared across nearly every page on the site. “Make it where it appears on every page,” read one message. “Most people have coins pinned… the second they render the site.”

The attacker seemed focused on increasing visibility and maximizing wallet connections. Some reports suggest that even the connect button began malfunctioning due to being rendered too many times.

****Inside the Leak****

As per Tommy H’s analysis, the Telegram channel TheCommsLeaks began sharing details around 7:30 PM local time on June 20. The messages included screenshots showing a live dashboard used by the attacker. These visuals displayed wallet connections, token transfers and total values drained in real time.

Early numbers showed 67 successful hits and over 1,300 wallet connections. The payout was already past $21,000 within the first wave. By the time the campaign ended, the final haul had climbed to $43,266, drained from 110 victims.

Tokens siphoned off included SOL, XRP, EVT, and smaller coins like PENGU and SHDW. One transaction involving $1,769 in XRP was linked to a wallet visible on BscScan, offering public confirmation of the theft.

However, the researcher noted that not every attempt succeeded. Logs from the attacker’s toolkit also showed multiple failed drains, typically due to wallets holding unsupported tokens or negligible balances.

Attackers on Telegram

****What Happened on CoinMarketCap?****

After growing speculation over whether the attack came from a spoofed domain, CoinMarketCap addressed the issue directly. In a statement published on X, the company said a doodle image displayed on their homepage had triggered malicious code through an embedded API call. This vulnerability caused the unauthorized wallet prompt to appear for some users.

The company confirmed that its security team responded immediately after detecting the issue. The malicious content was removed, and internal systems were patched to prevent further abuse.

“All systems are now fully operational, and CoinMarketCap is safe and secure for all users,” the company stated, adding that it continues to monitor the situation and provide support.

This incident goes on to show how small interface changes, even those involving something as harmless as a homepage doodle, can be leveraged for large-scale damage. While the use of a legitimate platform’s own environment to deploy malicious prompts is extremely concerning, it reflects how easily trust in familiar interfaces can be misused.

In a separate incident reported by Hackread just last week, scammers exploited search ads to trick users into calling fake support numbers shown on real websites like Apple and PayPal. Though technically unrelated, both cases show how attackers rely on user assumptions about what’s safe to interact with online.

For now, users are advised to avoid connecting wallets directly through pop-ups and verify any prompt against the platform’s official guidance. If something looks familiar, that doesn’t always mean it’s safe.

Scammers Use Inferno Drainer to Steal $43K from CoinMarketCap Users

A new FS-ISAC and Akamai report warns that sophisticated DDoS attacks are severely impacting the global financial sector, leading to multi-day outages. Learn about these evolving threats and how institutions can strengthen defences.

A new joint report released today by FS-ISAC, a non-profit organization focused on financial cybersecurity, and Akamai Technologies, a leading cybersecurity and cloud company, reveals a worrying trend: Distributed Denial-of-Service attacks (DDoS attacks) are increasingly targeting the global financial sector.

These attacks aim to overwhelm online services, disrupting customer access and business operations, ultimately eroding trust and impacting profits. The report, shared with Hackread.com, emphasises the growing sophistication and strategic nature of these cyber threats.

****Evolving Attack Strategies and Key Findings****

According to the report, the financial services sector was the primary target for large-scale DDoS attacks in 2024, which involved flooding a system with massive amounts of traffic, with a notable surge in October 2024. Attacks specifically targeting the application layer of financial services grew by 23% between 2023 and 2024.

The report also notes a rise in more precise attacks against financial firms’ Application Programming Interfaces (APIs) with a 58% rise observed between 2023-24 which allow different software to communicate, and their customer-facing websites.

These targeted assaults are harder to spot because they mimic normal user behaviour, indicating a higher level of skill among cybercriminals. In 2024, a single attack campaign targeting multiple banks resulted in service disruptions that lasted for several days, illustrating the severe impact these incidents can have.

Teresa Walsh, FS-ISAC’s Chief Intelligence Officer, commented on this shift, stating, “DDoS attacks are becoming increasingly sophisticated, evolving from simple network flooding to targeted, multi-dimensional assaults that exploit intricate vulnerabilities across the entire supply chain.”

The use of DDoS-for-Hire services, where attackers can pay others to launch attacks, is also common. Geopolitical events, such as the Hamas-Israel and Russia-Ukraine conflicts, have also fuelled an increase in hacktivism, where cyberattacks are carried out for political reasons.

On the other hand, the Asia Pacific region experienced a sharp rise in these large-scale attacks, accounting for 38% of all volumetric DDoS attacks in 2024, a significant jump from 11% in 2023.

****Building Stronger Defences****

To help financial institutions better prepare, FS-ISAC and Akamai have introduced a five-level DDoS Maturity Model. This model helps organizations evaluate their current strengths and weaknesses in defending against DDoS attacks, allowing them to identify areas for improvement, prioritize investments, and boost their ability to withstand these threats.

Steve Winterfeld, Advisory CISO at Akamai, emphasized the ongoing nature of the threat: “Threat actors will continue to leverage DDoS attacks to exploit the security of our institutions.” He highlighted that effective defences involve implementing mitigation strategies, maintaining strong cybersecurity practices, and adopting industry best practices.

It must be noted that this collaboration is part of Akamai’s involvement in FS-ISAC’s Critical Providers Program, launched in 2022 to enhance supply chain security within the financial sector.

Report Warns of Sophisticated DDoS Campaigns Crippling Global Banks

Plus: Ukrainian hackers reportedly knock out a key Russian internet provider, China’s Salt Typhoon hackers claim another victim, and the UK hits 23andMe with a hefty fine over its 2023 data breach.

Amid Israeli airstrikes this week and the imminent threat of further escalations by the United States, Iran started severely limiting internet connectivity for its citizens, limiting Iranians' access to crucial information and intentionally pushing them toward domestic apps that may not be secure. Meanwhile, the Israel-tied hacking group known as Predatory Sparrow is waging cyberwar on Iran’s financial system, attacking Iran’s Sepah Bank and destroying more than $90 million in cryptocurrency held by the Iranian crypto exchange Nobitex.

With the US still reeling from last weekend's violent shooting spree in Minnesota targeting Democratic state lawmakers and their families, an FBI affidavit indicates that the suspected shooter allegedly used data broker sites to find targets’ addresses and potentially other personal information about them. The finding highlights the potential dangers of widely available personal data.

This week, WIRED published its How to Win a Fight package, which includes our roundup of tools for tracking the Trump administration’s attacks on civil liberties, plus the most up-to-date versions of our guides to protecting yourself from government surveillance, protesting safely in the age of surveillance, and protecting yourself from phone searches at the US Border. While you're at it, don't forget to print your own copy of the How to Win a Fight zine! Better yet, print two and leave one at your local coffee shop or library.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Israel Reports That Iran Is Hacking Security Cameras for Spying**

Israeli officials said this week that Iran is compromising private security cameras around Israel to conduct espionage as the two countries exchange missile strikes after an initial Israeli barrage. A former Israeli cybersecurity official warned on public radio this week that Israelis should confirm that their home security cameras are protected by strong passwords or shut them down. “We know that in the past two or three days, the Iranians have been trying to connect to cameras to understand what happened and where their missiles hit to improve their precision,” Refael Franco, the former deputy director general of the Israel National Cyber Directorate, said. Like many internet-of-things devices, surveillance cameras are notoriously vulnerable to takeover if they are not secured with strong account protections. They have previously been targeted in other conflicts for intelligence gathering.

**Ukrainian Hack Reportedly Caused Comms Blackouts, Data Deletion in Russia**

The Kyiv Post reported this week that hackers from Ukraine’s Main Intelligence Directorate (HUR) launched a cyberattack against Russian internet service provider Orion Telecom that disabled 370 servers, took down roughly 500 network switches, and wiped backup systems to hinder recovery. The attacks reportedly caused internet and television outages. Orion Telecom reportedly said that it was recovering from a large DDoS attack and would quickly restore service. The attack came on June 12, the national holiday known as Russia Day. “Happy holiday, disrespectful Russians," the attackers wrote in a message circulated on Telegram groups. "Soon you’ll be living in the Stone Age—and we’ll help you get there. Glory to Ukraine.” The attackers claim to be part of Ukraine's BO Team hacking group. Sources told the Kyiv Post that Russian security agencies working on the country's war against Ukraine use Orion Telecom and were affected by the connectivity outages.

**Viasat ID’ed as Another Victim in China’s Salt Typhoon Telecom Hacking Spree**

Bloomberg reported this week that the satellite communication firm Viasat discovered a breach earlier this year perpetrated by China's Salt Typhoon espionage-focused hacking group. In early December, US authorities revealed that Salt Typhoon hackers had embedded themselves in major US telecoms, including AT&T and Verizon. After revelations last year of the group's extensive telecom hacking spree in the US and elsewhere, WIRED reported in February that Salt Typhoon was still actively breaching new victims. Viasat says it has been cooperating with federal authorities to investigate its breach.

**23andMe Hit With UK Fine Over 2023 Data Breach**

The United Kingdom's Information Commissioner’s Office (ICO) said this week that it issued a £2.31 million ($3.1 million) fine to the beleaguered genetic testing company 23andMe as a result of the company's damaging 2023 data breach. Attackers were able to access user accounts and their data using stolen login credentials, because at the time 23andMe did not require that users set up two-factor authentication, which the ICO says violated the UK's data protection law. The company has since mandated this protection for all users. More than 155,000 UK residents had their data stolen in the breach, according to the ICO, which said that 23andMe “did not have additional verification steps for users to access and download their raw genetic data” when the breach occurred.

Israel Says Iran Is Hacking Security Cameras for Spying

Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats.

A new and highly sophisticated cyberattack, believed to be from a Russian state-linked group, has been revealed. This innovative method tricks people into creating and handing over App-Specific Passwords (ASPs), bypassing common security measures like Multi-Factor Authentication (MFA).

This sophisticated attack was jointly disclosed by the Citizen Lab (a research group at the University of Toronto) and Google’s Threat Intelligence Group (GTIG). Their investigation began after Keir Giles, a well-known expert on Russian information operations and a senior associate at Chatham House, contacted Citizen Lab for help after being targeted.

****A Malicious New Approach****

This new attack was different from typical phishing. It was slow and very convincing. It started on May 22, 2025, when Mr. Giles got an email from someone named Claudie S. Weber pretending to be a US State Department official. The email looked real, even with other official addresses in the “CC” line. The attackers took their time, sending over ten emails in several weeks to build trust. Experts think they might have used advanced tools to make their messages sound very natural.

Source: Citizen Lab

The main trick was to get Mr. Giles to sign up for a fake MS DoS Guest Tenant platform. They sent him a professional-looking PDF with instructions. This PDF guided him to create an App-Specific Password (ASP)for his Google account.

The Benign PDF (Source: GTIG)

For your information, an ASP is a special 16-digit code for older apps that don’t work with modern security. The hackers made it seem like this ASP would let him into a secure government system, but it actually gave them full control of his accounts.

****Russian Link and Future Warnings****

GTIG has identified the group behind these attacks as UNC6293. They believe, with some certainty, that UNC6293 is connected to APT29 (aka Cozy Bear), a cyber espionage group linked to Russia’s Foreign Intelligence Service (SVR). Google later detected the attack on Mr. Giles’s accounts, took steps to secure them, and disabled the attacker’s email address.

This incident highlights a growing concern: as standard security like MFA becomes more common, attackers are finding new ways to bypass it. Experts expect more social engineering attacks that target App-Specific Passwords.

Cybersecurity teams are now advised to be wary of how ASPS are used in their organizations and to educate users about these new risks. Google is already working to phase out ASPs for business users in Google Workspaces but still balances security with user needs for personal Gmail accounts.

Hackers Use Social Engineering to Target Expert on Russian Operations

Researchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.

When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion!

Researchers at Cybernews have discovered 30 exposed datasets containing from several millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.

The likely source: information stealers, or infostealers for short. Infostealers are malicious software designed specifically to gather sensitive information from infected devices. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets, and send the data to cybercriminals.

And for those who are about to shrug it of as “probably old data,” it’s not. According to the researchers these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.

Once again, an unfortunate demonstration on how effective and widespread infostealers are.

The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data.

But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for:

*   **Account takeovers**: Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts.
*   **Identity theft**: Personal details enable fraud, loan applications, or impersonation.
*   **Targeted phishing**: Combining leaked data allows cybercriminals to engage in very convincing and personalized scams.
*   **Ransomware/business email compromise (BEC) attacks**: Compromised business credentials facilitate network intrusions or fraudulent wire transfers.

The leak includes credentials for virtually every large online service. Apple, Google, Facebook, Telegram, developer platforms, VPNs, and more.

And the number is so massive it exceeds our imagination. If you printed each credential (16 billion usernames + passwords) on a single line, using standard paper, and stacked the pages, the pile would reach far beyond the edge of the stratosphere (roughly 35 miles).

**How to protect against infostealers**

There are a few things you can do to limit the dangers of infostealers:

*   **Use an up-to-date and active anti-malware solution** that can detect and remove infostealers.
*   **Do not reuse passwords across different sites and services.** A password manager can be very helpful to create safe passwords and remember them for you.
*   **Enable two-factor authentication (2FA) for every account you can.** 2FA makes it much more difficult for an attacker to access your account with your login credentials. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of 2FA can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data stolen by infostealers is often sold or posted online. If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll give you a free report.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online 

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails.
Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

OpenAI intends to help streamline the Defense Department's administrative processes using artificial intelligence.

OpenAI Awarded $200M Contract to Work With DoD

In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability.

Wednesday, June 18, 2025 14:00

Welcome to this week’s edition of the Threat Source newsletter. 

June 9 was Whit Monday — a bank holiday here in Germany — so I decided to take the whole week off. It turned out to be the perfect opportunity to try out a brand new car. Little did I know, I was about to get a crash course in modern vehicle technology (and a few unexpected life lessons).

There’s an EU regulation that requires new cars to come equipped with “Advanced Vehicle Systems,” which include features like driver drowsiness and attention warnings, lane-keeping systems and intelligent speed assistance. I hadn’t swapped cars in over a decade, so I was blissfully unaware of just how intrusive these systems could be. 

While I generally appreciate technology that makes our life safer, these features gave me a tough time. The car seemed to beep at me constantly, so much so that the beeping itself became a distraction. Instead of focusing on the road, I found myself trying to decipher what each alert meant. After a few kilometers, I had to pull over and consult the manual just to figure out how to disable these “helpful” assistants. 

Problem solved? Not quite. Every time I turned off and restarted the car, the systems re-enabled themselves. Disabling the lane-keeping assistant was just a button press, but turning off the “intelligent” speed assistant required a convoluted sequence: six menu clicks, a long press then a short click. I had to dig out the manual every time. 

You might think I’m just cutting corners, or that I should pay better attention to speed limits. But here’s the thing: Technology fails, and these systems are no exception. Sometimes the cameras miss speed signs, or worse, pick up the wrong ones. I’ve read about people putting stickers on their windshields to block the camera, only to discover the system then falls back to GPS data, which can be outdated or just plain wrong. On one occasion, it thought a car was on a 50 km/h road when the person was actually on the Autobahn directly next and parallel to the road, which famously has no speed limit. 

Some drivers try to muffle the alerts by gluing the speaker, but in modern cars, the system also lowers the radio volume to make sure you hear the alarm. Pulling the fuse would disable the emergency brake, too — not something I’m willing to risk, regardless of how insurance would feel about it.

I ended up learning two important lessons that week. The first was technical: I dove into the world of Controller Area Network (CAN) bus wiring, protocols, network gateways and tools like SavvyCAN to understand how these systems work... and maybe how to disable a few, purely for educational purposes. 

The second lesson hit me later, and it was more personal. In my job, I often preach about deploying multi-factor authentication (MFA) everywhere. My focus has always been on keeping out the bad guys, not on the user experience. I never understood why anyone would use apps to automatically accept authentication pushes — it seemed crazy to me. But after a a few days with the car, I finally saw things from the user’s perspective. Security tools can’t just be effective; they also have to be easy to use. Reducing friction, like using single sign-on or minimizing unnecessary clicks, matters just as much. Users also need to understand why these barriers are in place. 

Tomorrow is another holiday. Maybe I’ll spend it exploring Kali Linux 2025.2 and the latest CARsenal tools (formerly CAN Arsenal). Who knows? I might just tap a wire or two — for educational purposes only, of course.

**The one big thing **

Cisco Talos has discovered that the North Korean-aligned threat actor Famous Chollima has been actively targeting cryptocurrency and blockchain professionals (primarily in India) through sophisticated phishing campaigns. Previously known for using the GolangGhost trojan, they've now introduced a Python-based variant called PylangGhost, which retains the same capabilities. Recent campaigns have targeted Windows users with the Python version, while MacOS users are still being hit with the Golang-based variant.

**Why do I care? **

Even if you're not in the cryptocurrency or blockchain space, this campaign highlights how threat actors are constantly evolving their tools. It's a reminder that no matter how niche or localized an attack might seem, the techniques could easily be adapted to broader campaigns. Plus, if attackers succeed in these targeted efforts, stolen credentials could ripple across networks and platforms globally.

**So now what?**

Take this as your cue to double-check your defenses. Ensure your organization's security tools can detect Python and Golang-based malware, and educate your teams on recognizing phishing attempts, especially fake job offers. Stay proactive by monitoring emerging threats like PylangGhost, because even if you're not the target today, tomorrow isn’t a guarantee.

**Top security headlines of the week **

**AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums**  
AI bots that scrape the internet for training data are hammering the servers of libraries, archives, museums and galleries, and are in some cases knocking their collections offline. (404 Media)

**Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web**  
Hackers leaked the personal data of 7.4 million people in Paraguay on the dark web. A cybercriminal group called "Cyber PMC" demanded $7.4 million, blaming government corruption and poor security. (Security Affairs)

**Trend Micro fixes critical vulnerabilities in multiple products**  
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities. (Bleeping Computer)

**Can’t get enough Talos? **

**When legitimate tools go rogue**  
From LOLBins to open-source utilities like DonPAPI, threat actors are leveraging legitimate tools to evade detection and carry out attacks. Read the blog here.

**Microsoft Patch Tuesday for June 2025**   
Microsoft released its monthly security update last week, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” Read the blog here.

**Upcoming events where you can find Talos **

*   REcon (June 27 – 29) Montreal, Canada 
*   NIRMA (July 28 – 30) St. Augustine, FL 
*   Black Hat USA (Aug. 2 – 7) Las Vegas, NV

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**  
MD5: 2915b3f8b703eb744fc54c81f4a9c67f  
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
Typical Filename: VID001.exe  
Claimed Product: N/A  
Detection Name: Win.Worm.Coinminer::1201

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**  
MD5: 7bdbd180c081fa63ca94f9c22c457376  
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details    
Typical Filename: IMG001.exe  
Claimed Product: N/A  
Detection Name: Simple\_Custom\_Detection

A week with a "smart" car

Miami, Florida, 18th June 2025, CyberNewsWire

**Miami, Florida, June 18th, 2025, CyberNewsWire**

**Halo Security’s Attack Surface Management Platform Honored for Exceptional Innovation and Successful Deployment Through The Channel**

Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. 

The MSP Today Product of the Year Award honors standout products and services that are reshaping the managed services landscape—delivered through the Channel and purpose-built to meet the evolving needs of end users. The Halo Security platform was selected for its innovation, performance, and its measurable impact on customers and partners alike.

The Halo Security Attack Surface Management Platform enables organizations and managed service providers (MSPs) to discover, monitor, and secure their internet-facing assets. The platform combines attacker-like discovery methods with ongoing security monitoring, vulnerability scanning, and expert-led penetration testing services to help organizations of all sizes identify and remediate security risks before they can be exploited.

Designed with the Channel in mind, the platform offers easy-to-use client management and reporting, along with seamless integrations into tools like Slack, Jira, and major cloud providers. The platform empowers MSPs to deliver scalable, high-impact security services with minimal setup and configuration. With built-in PCI compliance reporting, dark web monitoring, and dynamic application security testing (DAST), Halo Security gives partners and clients alike the visibility needed to stay ahead of evolving threats and meet their compliance goals.

> “Our mission has always been to give organizations and our channel partners deep visibility into their digital presence,” said Lisa Dowling, CEO of Halo Security. “This award is a testament to the innovation behind our platform, the dedication of our team, and the success our MSP partners are driving for their clients every day.”

> “It gives me great pleasure to recognize Halo Security as a 2025 recipient of TMC’s MSP Today Product of the Year Award for their innovative attack surface management solution,” said Rich Tehrani, CEO of TMC. “Our judges were thoroughly impressed not only by the strength and features of the product, but by Halo Security’s commitment to the Channel—empowering partners to deliver exceptional service and drive meaningful results for their clients.” 

Winners of the 2025 MSP Today Product of the Year Award will be featured on MSP Today, the definitive resource for managed service providers, as well as across TMCnet’s media platforms.

**About Halo Security**

Halo Security is a comprehensive external attack surface management platform that provides asset discovery, risk assessment, and penetration testing in a single, easy-to-use dashboard. Founded by cybersecurity experts with backgrounds at McAfee, Intel, Kenna Security, OneLogin, and WhiteHat Security, Halo Security delivers a unique attacker-based approach to help organizations safeguard against potential threats. Users can learn more at halosecurity.com.

**About MSP Today**

MSP Today is the premier online destination for MSPs (Managed Service Providers) and IT service providers worldwide. As the industry’s leading web portal, we are committed to delivering timely and relevant news, cutting-edge product information, and invaluable insights to empower MSPs and IT professionals to thrive in today’s rapidly evolving technology landscape. Whether you’re seeking in-depth articles on emerging technologies, comprehensive product reviews, or actionable tips to optimize your IT services, MSP Today is your go-to resource for all things MSP-related. Users can learn more at www.msptoday.com.

**About TMC**

For more than 20 years, TMC has been honoring technology companies with awards in various categories. These awards are regarded as some of the most prestigious and respected awards in the communications and technology sector worldwide. Winners represent prominent players in the market who consistently demonstrate the advancement of technologies. Each recipient is a verifiable leader in the marketplace. TMC also provides global buyers with valuable insights to make informed tech decisions through our editorial platforms, live events, webinars, and online advertising. Users can learn more at www.tmcnet.com.

**Contacts**

**Director of Partnerships**  
**Lauren Ladra**  
**Halo Security**  
**\[email protected\]**  
**415-799-4568**  
**Manager, TMC Awards**  
**Stephanie Thompson**  
**TMC**  
**\[email protected\]**  
**203-852-6800**

Tag

#intel