Jurassic World Rebirth hits theaters next week, reminding us that the scariest predators are the ones that adapt. The same goes for today’s cyberthreats—deepfakes, identity-based intrusions, and overlooked vulnerabilities are getting smarter, faster, and harder to spot.
Like any good survival story, staying in the lead means continuing to evolve, so this week’s news roundup is packed with next-gen defenses to meet today’s threats. Plus we’ve got what you need to know about channel movers and shakers, some M&A activity you’ll want to keep an eye on, and some hard truths about supply chain risk.
In the battle of survival, be the Velociraptor—fast, smart, and always one step ahead. Happy reading!
Products & Solutions
Barracuda Launches Managed Vulnerability Security
Cybersecurity company Barracuda Networks launched Barracuda Managed Vulnerability Security. This fully managed service, powered by Barracuda’s global SOC, provides expert-led vulnerability scanning, analysis, and contextual reporting across organizations’ networks and cloud infrastructure. The service uncovers vulnerabilities across a broad range of hardware and software—including endpoints, servers, IoT devices, firewalls, and other network-connected systems—regardless of whether those vulnerabilities are associated with known exploits.
The service includes detailed, actionable reports, as well as an audit summary and prioritized remediation plan.
Barracuda Managed Vulnerability Security is available now through Barracuda channel partners. The service can be deployed on its own or integrated with Barracuda Managed XDR, a 24/7/365 threat detection and response offering.
Syncro Announces Universal Billing for Third-Party Licenses
Syncro, a platform provider for MSPs and IT teams, introduced a Universal Billing feature that automatically tracks and invoices third-party licenses, eliminating the need for manual reconciliation between vendor reports and PSAs.
Universal Billing automatically pulls daily license counts from supported Syncro Marketplace vendors, maps them to customers, and incorporates them into recurring invoices; it uses daily usage data to maintain billing precision as license counts change.
At launch, the feature supports Proofpoint and will expand to all Marketplace offerings by year-end, including Microsoft licensing through Syncro’s new XMM platform introduced in April.
Universal Billing is available now for all Syncro users.
Guardz Rolls Out Identity Threat Detection and Response (ITDR) for MSPs
Guardz, a cybersecurity company, launched an identity threat detection and response (ITDR) solution, further expanding its AI-native, unified MDR platform. The new ITDR capability combines real-time behavioral analytics and agentic AI with human-led threat hunting, automated response actions, and 24/7 expert support.
The Guardz Research Unit’s GRU threat hunters and Guardz AI agents’ findings are extracted from large sets of identity and log data from platforms like Microsoft 365 and Google Workspace to detect behavioral anomalies such as impossible travel, authentication anomalies, token theft, credential abuse, or mailbox takeovers. This data is enriched with broader user context to reduce false positives and highlight real threats.
For customers with the Ultimate Plan, Guardz’s AI triages the event and escalates it to the 24/7 MDR team, where human SOC analysts validate the incident and provide MSPs with expert guidance on containment actions.
The launch of the ITDR solution marks a broader strategic direction for Guardz as it expands its investment in threat research and MDR capabilities following its recent $56 million Series B funding.
The ITDR feature is available to all customers on the Guardz platform, in addition to 24/7 MDR for those on the Ultimate Plan.
Josys Adds SaaS Risk Analyzer and Identity Automation to Its Platform
Josys, s SaaS management platform provider, announced major updates to its product suite.
The new SaaS Risk Analyzer automatically surfaces critical security and compliance insights about every discovered application. Powered by Josys AI, the Analyzer leverages open-source information, public data, and vendor-specific attributes to generate both a security score (0–100) and risk level assessment (Low, Medium, High) for each app.
Additionally, the Analyzer identifies the extent to which applications are sharing data with third-party generative AI vendors and whether the developer shares customer data for AI model training. This new feature also adds contextual information about a discovered app’s security posture. The SaaS Risk Analyzer auto-populates all of this information for apps identified through Josys’ shadow IT discovery process. However, the feature is also available for broad-based search.
Josys has also expanded its turnkey automation templates with two new workflows. The Automated Onboarding Workflow provisions all designated applications when a new employee is onboarded. Workflows can be configured to grant access to company-wide tools by default, while also tailoring app assignments and access permissions based on user attributes such as department, location, or employment type.
The Automated Access Review Workflow adjusts user access settings immediately upon receiving completed responses during the access review survey process. If an employee confirms they no longer need a tool, access can be automatically revoked without manual intervention. Conversely, if shadow IT usage is validated, proper licenses can be assigned and brought under IT’s governance with zero manual action required.
Josys also rolled out enhancements to improve visibility, governance, and device control. These include an audit log dashboard, Jira service management integration, and MDM integrations with Microsoft Intune and Jamf.
Rewst Unveils Suite of AI Capabilities for MSPs
Rewst, an automation platform purpose-built for MSPs, unveiled a suite of AI-powered capabilities at the company’s annual FLOW conference.
New features for RoboRewsty, an intelligent assistant announced last year, embed contextual AI throughout the platform—enabling users to build, troubleshoot, and refine workflows using natural language.
The Jinja Co-Pilot feature provides real-time assistance writing, editing, and debugging Jinja expressions. Users can also ask questions and get immediately answers with links to relevant documentation—all without leaving the platform. Finally, RoboRewsty can analyze your automations and generate comprehensive documentation.
Rewst also introduced its Model Context Protocol (MCP) Server, which allows AI agents to interact with Rewst automations through a secure, structured interface—empowering them to discover, reason about, and execute tasks autonomously.
Rewst’s new MCP Server acts as a mission control layer, giving agents like ChatGPT, Claude Desktop, and custom copilots secure, structured access to workflows, variables, and metadata. With visibility into your automation environment, AI agents can reason, act, and deliver outcomes with autonomy.
And the new MCP Trigger enables AI tools to initiate Rewst workflows via a lightweight API.
“We’re entering a new phase where AI doesn’t just make workflows smarter—it’s making the automation platform itself smarter,” said Aharon Chernin, founder and CEO of Rewst, in a press statement. “With these latest capabilities, Rewst is enabling more MSPs to automate with speed and confidence—while becoming the connective tissue between your automation library and your AI stack.”
Rewst’s new RoboRewsty features and MCP Server are being rolled out in phases, starting in September and continuing throughout Q4.
Bitdefender Launches External Attack Surface Management for MSPs
Bitdefender, a global cybersecurity company, announced GravityZone External Attack Surface Management (EASM), giving MSPs and their customers visibility into their internet-facing assets and associated vulnerabilities via centralized discovery, monitoring, and management of expanding attack surfaces.
Without centralized oversight, assets such as unused domains, misconfigured cloud instances, and expired certificates often go unnoticed—leaving organizations vulnerable to attackers who continuously scan the internet for exposed systems.
Bitdefender GravityZone EASM is agentless, requiring no endpoint deployment, and continuously discovers, maps, and analyzes internet-exposed assets from an attacker’s perspective, enabling organizations to quickly assess risk, identify vulnerabilities, and take action before they are exploited.
The solution is available as an add-on to Bitdefender GravityZone, the company’s unified security, risk analytics, and compliance platform.
GravityZone EASM scans a wide range of asset types, including IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. From these scans, it delivers comprehensive asset discovery by detecting publicly exposed IPs, expiring or expired certificates, vulnerable public services, open ports, and more—ensuring no asset is overlooked.
Bitdefender GravityZone EASM is available now for select GravityZone license tiers, and Bitdefender MDR services.
ManageEngine Launches MSP Central
ManageEngine, a division of Zoho, announced MSP Central—a unified platform designed to help MSPs streamline service delivery, device management, threat protection, and infrastructure monitoring from a single interface. Its modular, cloud-native architecture supports native multitenancy, fine-grained role-based access control, and seamless integrations with both Zoho apps and third-party tools.
The platform includes RMM, PSA, advanced server monitoring, endpoint security, AI powered automation, and third-party integrations. With the modular architecture, MSPs can adopt just the components required; there is no bundling or mandatory licensing. According to the company, it is built for integration into cloud marketplaces and partner ecosystems.
MSP Central marks the foundation of ManageEngine’s long-term MSP platform strategy. Future enhancements will focus on expanding into adjacent domains like SIEM, privileged access management, and advanced analytics. The platform will also evolve to support deeper integrations with business applications and partner ecosystems, according to the company.
MSP Central is available globally starting today.
Partnerships & Integrations
KnowBe4 Collaborates with Microsoft to Strengthen Email Security
KnowBe4, a human risk management platform provider, announced a strategic integration with Microsoft Defender to strengthen email security. As the first initiative in Microsoft’s ICES (Integrated Cloud Email Security) vendor ecosystem, this integration establishes a blueprint for how security vendors can work together to deliver enhanced protection for mutual customers.
Created specifically to complement Microsoft 365’s existing email security, KnowBe4 Defend brings agentic AI approaches to advanced inbound threat detection capabilities that complement and enhance Microsoft’s native protections. The integration allows organizations to maintain their existing Microsoft security investments while adding an additional layer of specialized threat detection and response.
People
Pia, an AI-led help desk automation platform for MSPs, appointed David Schwartz as its new CEO. Schwartz, who joined Pia earlier this year as the general manager and chairman of the Growth Advisor Committee, brings deep leadership experience in SaaS, managed services, and AI automation to the role. Schwartz previously served as CEO of Wireless Watchdogs, which Dataprise acquired … Proofpoint, a cybersecurity and compliance company, appointed Tom Corn as executive vice president and general manager of its Threat Protection business, effective immediately. Prior to joining Proofpoint, Corn co-founded a startup focused on securing agentic-AI applications. He previously served as chief product officer at Ontinue, and has held senior leadership positions at VMware and RSA.
M&A – MSPs
CMIT Solutions, an MSP franchisor with over 280 locations, acquired Wright Technology Group (WTG), a Southern-Massachusetts-based MSP. Howard Wright, WTG’s president, will remain on board.
“This acquisition underscores CMIT’s ongoing commitment to strengthening our presence in Providence and investing in the broader New England region,” said Roger Lewis, CEO of CMIT Solutions, in a press statement. “Bringing Wright Technology Group into our network allows us to build on a foundation of customer-first service and deepen our capabilities across Southern and Central Massachusetts. Together, we’re better positioned to deliver advanced IT solutions and trusted local support to businesses throughout Greater New England.”
Expansion
Coro, a cybersecurity platform for small and midsize businesses, is expanding into the ANZ region. As part of its formal entry into ANZ, Coro signed a distribution agreement with Bluechip Infotech, one of the largest distributors in the region, with a network of hundreds of MSPs and resellers. The expansion is being led by Joe Sykora, Coro’s SVP and GM of the Americas and ANZ, and comes as part of the company’s broader global channel-first strategy—following its EMEA expansion and recent launch of the Coro Compass partner program.
By the Numbers
Third-Party Risk Management Lagging in Face of Rising Threats
Supply chain risk is outpacing organizations’ cybersecurity protections, according to SecurityScorecard’s just released 2025 Supply Chain Cybersecurity Trends Survey,
The research finds that 88% of respondents surveyed say they are concerned about supply chain cybersecurity risks, and more than70% of organizations report experiencing at least one material third-party cybersecurity incident in the past year; 5% suffered 10 or more incidents.
Fewer than half of organizations monitor cybersecurity across even 50% of their nth-party supply chains, and 79% say that less than half of their nth-party supply chain is currently covered by cybersecurity programs.
Worse, only 26% of organizations incorporate incident response into their supply chain cybersecurity programs. The majority rely on point-in-time, vendor-supplied assessments or cyber insurance.
SecurityScorecard, which provides security ratings and third-party risk management solutions, offers these recommendations:
- Integrate threat intelligence across vendor ecosystems
- Establish a dedicated supply chain incident response workflow:
- Implement vendor tiering
- Foster a culture of shared accountability and resilience
