European police, led by Denmark and Sweden, are arresting individuals in a crackdown on violence-as-a-service, where criminal groups recruit teenagers online for contract killings. Learn about Europol's OTF GRIMM task force and how they're fighting this disturbing trend.

European law enforcement agencies, led by Denmark and Sweden, are intensifying their fight against a disturbing new criminal trend: the online recruitment of young people, some as young as 14, to carry out contract killings. This practice, termed violence-as-a-service, sees criminal groups using encrypted online platforms to offer money for shootings, often across national borders.

As per Europol’s press release, recent efforts, spearheaded by Denmark’s National Special Crime Unit and the Swedish Police, have led to several arrests. Following investigations into violent acts, including a shooting in Kokkedal on May 7, 2025, seven individuals, aged between 14 and 26, have either been arrested or surrendered from countries like Sweden and Morocco.

Among those caught are two 18-year-old men from Western Sweden, suspected of actively recruiting youngsters for these deadly tasks. Authorities indicate that some suspects also provided weapons, ammunition, and safe places for these young attackers.

****International Alliance Against Online Crime****

This alarming development has prompted a stronger international response. Europol launched Operational Taskforce (OTF) GRIMM in April 2025 to directly address the use of encrypted services for coordinating contract killings across Europe. The task force now includes Belgium, Denmark, Finland, France, Germany, Iceland (the latest country to join), the Netherlands, Norway, Sweden, and Europol itself, with more nations expected to join soon.

Andy Kraag, Head of Europol’s European Serious Organised Crime Centre, highlighted the severity, stating, “Teenagers being paid to pull the trigger, this is what organised crime looks like in 2025. This is calculated outsourcing of murder by criminal networks that treat human lives as disposable assets.”

****A Familiar Crime****

This isn’t the first time online platforms have been exploited for grave crimes. As Hackread.com recently reported that the global 764 network child abuse ring, led by individuals like Leonidas Varagiannis (21) and Prasan Nepal (20), also used encrypted apps to orchestrate horrific exploitation.

This past case, resulting in arrests in the US and Greece, underscores a persistent challenge: the anonymous nature of digital spaces can facilitate serious criminal activity, including those involving minors.

Europol encourages parents and communities to look for early signs of criminal recruitment, such as sudden behavioural changes or unexplained wealth, offering guides for protection. Law enforcement continues to track the masterminds behind these operations, aiming to dismantle their hidden online infrastructure.

Violence-as-a-Service: Encrypted Apps Used in Recruiting Teens as Hitmen

Anubis ransomware group claims a 64GB data breach at Disneyland Paris, leaking some engineering files and attraction plans via its dark web site.

The infamous Anubis ransomware gang has listed Disneyland Paris as its latest victim. Hackread.com can confirm that the group posted details of the alleged breach on its dark web leak site, stating that the stolen data archive totals 64GB.

Anubis is a ransomware-as-a-service (RaaS) operation that surfaced in December 2024, evolving from an earlier test version named “Sphinx.” It has no connection to the Android banking trojan or Python backdoor that share the same name.

The gang offers profit-sharing models for its affiliates: 80% from encrypted ransom payments, 60% from data leaks, and 50% from access resales. Trend Micro recently reported that the group is using a “Built-in Wiper,” a feature that completely erases/wipes off data from compromised systems.

Regarding the Disneyland Paris incident, the group described it as “the largest data leak in the history of Disneyland Park.” They stated that 39,000 files related to construction and renovation activities at the park were obtained. According to them, the data was acquired during a breach involving one of Disneyland’s partner companies.

Screenshot from the Anubis Ransomware gang’s dark web leak blog (Image credit: Hackread.com)

“During the leak of data of the partner company, 39,000 files related to the construction and renovation of the Disneyland Paris location ended up in our hands,” the group wrote.

To support their claim, the operators announced they would release a portion of the data within the next five hours. So far, images and videos have been uploaded to their site, allegedly showing detailed drawings of various park attractions.

The archive, as per Anubis’ claims includes plans for Frozen, Crush’s Coaster, Pirates of the Caribbean, Big Thunder Mountain, Autopia, Buzz Lightyear, Orbitron, Casey Jr., Phantom Manor, Ratatouille, and more.

Additional images show engineering-related work at the site. To stress the significance of the breach, the group noted that Disneyland typically signs NDAs with employees, strictly prohibiting them from sharing internal material publicly.

Screenshot from the Anubis Ransomware gang’s dark web leak blog (Image credit: Hackread.com)

However, the post does not specify whether any customer or visitor information is included in the files. It also does not clarify if a ransom demand has been issued to Disneyland Paris. On its official Twitter (now X) account, the group was seen bragging about the incident on June 12, 2025.

For now, the breach remains unverified. Hackread.com has contacted Disneyland Paris for comment. This article will be updated if a response is received.

Anubis Ransomware Lists Disneyland Paris as New Victim

A new detection method from Varonis Threat Labs turns hackers' sneaky random patterns into a way to catch hidden cyberattacks. Learn about Jitter-Trap and how it boosts cybersecurity defenses.

Cybersecurity experts at Varonis Threat Labs have identified a clever new way to spot hidden cyberattacks, even those used by highly skilled state-sponsored groups and criminal gangs.

Their new technique, called Jitter-Trap, focuses on identifying patterns of randomness that hackers use to stay secret. This fresh approach aims to catch a tricky part of cyberattacks known as “post-exploitation and C2 communication.”

For your information, attackers often use special software, or beacons, that send signals back to their control centers. These beacons are designed to be hard to find by using random timings, like a heartbeat that speeds up and slows down without a clear pattern.

The Jitter-Trap method flips this idea altogether. Instead of getting fooled by the randomness, Varonis’s research shows that this very randomness creates its own unique fingerprint that security teams can detect.

These beacons are part of larger hacking tools, sometimes called post-exploitation frameworks, such as Cobalt Strike or Sliver. While these tools can be used for good purposes, like testing security, criminals may use them to quietly stay inside a network, steal data, or take over computers. These advanced tools include ways to hide their activity by making their network traffic look like normal internet use, for example, a harmless Microsoft update or a common website visit.

Traditionally, security teams look for known bad files, unusual user actions, or specific network patterns to find these hidden threats. However, hackers are always updating their methods, making it easy to bypass old detection rules or create new ways to avoid being caught. Varonis’s Jitter-Trap specifically looks at how beacons communicate, as per their blog post, shared with Hackread.com.

When these beacons check in with their operators, they use a sleep time and a jitter setting. The sleep is how long they wait between checks, and jitter adds randomness to this wait time. While many legitimate online services also use regular checks, the specific type of randomness created by a beacon’s jitter settings is usually unique.

Sleep with jitter visualization (Source: Varonis)  

Moreover, Varonis found that even though jitter is meant to hide activity, the random timings it produces, especially over longer periods, form a recognizable pattern, like a uniform distribution, that is uncommon in normal network traffic. This allows security experts to identify these subtle differences. The technique also applies to other random elements, such as the size of data being sent or the way web addresses (URLs) are generated.

This detection method helps security professionals better defend against advanced threats. By looking for these specific random patterns, organizations can spot and stop hidden cyber activity more effectively, using the attackers’ own evasion techniques against them.

New Detection Method Uses Hackers’ Own Jitter Patterns Against Them

Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats.

A new and highly sophisticated cyberattack, believed to be from a Russian state-linked group, has been revealed. This innovative method tricks people into creating and handing over App-Specific Passwords (ASPs), bypassing common security measures like Multi-Factor Authentication (MFA).

This sophisticated attack was jointly disclosed by the Citizen Lab (a research group at the University of Toronto) and Google’s Threat Intelligence Group (GTIG). Their investigation began after Keir Giles, a well-known expert on Russian information operations and a senior associate at Chatham House, contacted Citizen Lab for help after being targeted.

****A Malicious New Approach****

This new attack was different from typical phishing. It was slow and very convincing. It started on May 22, 2025, when Mr. Giles got an email from someone named Claudie S. Weber pretending to be a US State Department official. The email looked real, even with other official addresses in the “CC” line. The attackers took their time, sending over ten emails in several weeks to build trust. Experts think they might have used advanced tools to make their messages sound very natural.

Source: Citizen Lab

The main trick was to get Mr. Giles to sign up for a fake MS DoS Guest Tenant platform. They sent him a professional-looking PDF with instructions. This PDF guided him to create an App-Specific Password (ASP)for his Google account.

The Benign PDF (Source: GTIG)

For your information, an ASP is a special 16-digit code for older apps that don’t work with modern security. The hackers made it seem like this ASP would let him into a secure government system, but it actually gave them full control of his accounts.

****Russian Link and Future Warnings****

GTIG has identified the group behind these attacks as UNC6293. They believe, with some certainty, that UNC6293 is connected to APT29 (aka Cozy Bear), a cyber espionage group linked to Russia’s Foreign Intelligence Service (SVR). Google later detected the attack on Mr. Giles’s accounts, took steps to secure them, and disabled the attacker’s email address.

This incident highlights a growing concern: as standard security like MFA becomes more common, attackers are finding new ways to bypass it. Experts expect more social engineering attacks that target App-Specific Passwords.

Cybersecurity teams are now advised to be wary of how ASPS are used in their organizations and to educate users about these new risks. Google is already working to phase out ASPs for business users in Google Workspaces but still balances security with user needs for personal Gmail accounts.

Hackers Use Social Engineering to Target Expert on Russian Operations

Red Canary uncovers 'Mocha Manakin,' a new threat using paste and runs to deliver custom NodeInitRAT malware, potentially leading to ransomware. Learn to protect your systems.

A new and concerning cyber threat, dubbed Mocha Manakin, has been identified by cybersecurity research firm Red Canary. First tracked in January 2025, this threat uniquely combines social engineering tricking people with specially built malicious software.

Mocha Manakin uses a deceptive tactic called paste and run (also known as Clickfix or fakeCAPTCHA). This method fools computer users into unknowingly copying and running harmful commands, often disguised as steps to fix access to a document or prove they are human.

These fake instructions bypass regular security checks, making it easy for the malicious script to download further harmful programs onto the victim’s computer. Since August 2024, Red Canary has seen a rise in paste-and-run attacks due to their effectiveness in tricking users.

****NodeInitRAT: A Custom-Built Backdoor Leading to Ransomware?****

According to the company’s technical blog post, what makes Mocha Manakin different is the custom-made malicious program it delivers: a NodeJS-based backdoor called NodeInitRAT. Once a user falls for the paste-and-run trick, a PowerShell command is executed to download a .zip file, which is then saved to the user’s temporary folder, typically C:\Users\<user>\AppData\Local\Temp\.

This .zip archive contains a legitimate node.exe program. The PowerShell then uses this node.exe to run the NodeInitRAT malicious code, passing it directly via the command line.

Attack Chain (Source: Red Canary)

Once installed, NodeInitRAT can secretly gather sensitive network information, run any commands it’s given, and deploy more harmful software. This custom backdoor communicates with its controllers over the internet, often using legitimate Cloudflare tunnels to hide its activity.

As of May 2025, Red Canary has not directly seen Mocha Manakin lead to ransomware. However, based on its capabilities and links to Interlock ransomware activity observed by Sekoia.io, Red Canary believes with moderate confidence that unstopped Mocha Manakin infections could likely result in ransomware attacks. This connection is concerning, highlighting the serious potential for data encryption and financial demands.

****How to Protect Against Mocha Manakin****

Red Canary advises organizations to educate their staff about paste-and-run tactics, teaching them not to follow unexpected instructions that ask them to copy and paste commands into their system. Monitoring for unusual computer behaviours is also crucial. If NodeInitRAT is found, immediately stop active node.exe processes running the malware. The harmful code might also exist in hidden files (like those found in AppData\Roaming) or in Windows Registry entries, which should be deleted to prevent the malware from running again.

For network defence, blocking communication with known harmful domains used by NodeInitRAT can prevent it from connecting with its controllers. Technical teams can also set up detection rules to detect PowerShell commands that use invoke-expression and invoke-restmethod, which are typical signs of Mocha Manakin’s initial infection. By staying alert and implementing these protective measures, organizations can significantly reduce their risk from this growing threat.

New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack

Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data.

ReversingLabs researchers recently uncovered a new and worrying attack method led by a group called Banana Squad. This group, first identified by Checkmarx researchers in October 2023, is known for their sneaky methods, with their name coming from an early harmful internet address, bananasquadru.

ReversingLabs team, including Principal Malware Researcher Robert Simmons, found over 60 fake project folders, called repositories, on GitHub. These folders looked like real computer hacking tools written in Python, but they were actually trojanized, meaning they contained hidden malicious code.

Malicious code was placed in the top section of the repository, while the lower part appeared harmless (Image via ReversingLabs)

In their earlier attacks, starting in April 2023, Banana Squad put out hundreds of bad software packages under various usernames, researchers noted in their blog post shared with Hackread.com. These programs were designed for Windows computers and aimed to “steal extensive amounts of sensitive data,” including information from computers, apps, web browsers, and even cryptocurrency wallets by redirecting money.

These bad packages were downloaded nearly 75,000 times before they were found and removed. More recently, in November 2024, a harmful project from Banana Squad, found at dieserbenniru, showed a new trick. They used a GitHub feature where long lines of code don’t wrap.

Additionally, attackers added many spaces to push their malicious code off the screen, making it invisible to someone just looking at the code. This makes it much harder to spot the hidden danger. Fake user accounts, often with only one project listed, are commonly used by Banana Squad to host these harmful repositories.

Beyond Banana Squad’s specific activities, the overall increase in OSS risk points to ongoing problems. A new report for 2025 from ReversingLabs shows a changing picture in the safety of open-source software (OSS).

While overall malware found in OSS repositories significantly dropped in 2024 – a 70% decrease across platforms like npm, PyPI, and RubyGems compared to 2023 – the risk to software development from OSS is actually growing.

These threat actors are getting smarter. They are using more hidden and complex ways to attack, especially on platforms like GitHub, instead of just uploading simple malware. This positive trend in malware reduction is partly thanks to better security measures, including mandatory two-factor authentication (2FA) and the OpenSSF’s Malicious Packages Repository, launched in 2023.

Other reports indicate issues like a rise in secret leaks in 2024, where sensitive login details are exposed. Also, a look at top OSS packages revealed many security holes and code rot – a reliance on old, unmaintained code. This means popularity does not equate to security. The evolving threat means everyone using open-source software needs to be more watchful and use better tools to stay safe from groups like Banana Squad and other emerging threats.

Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories

Cybercriminals are injecting fake support phone numbers onto official sites like Bank of America and Netflix. Learn how 'search parameter injection' scams work and protect yourself now.

Cybercriminals are finding clever new ways to trick people, even on the official websites of major companies. Malwarebytes Senior Director of Research, Jérôme Segura, has identified a widespread scam where fake phone numbers for customer support are being inserted directly onto the legitimate help pages of well-known brands.

This trick has been seen affecting companies like:

1.  HP
2.  Apple
3.  Netflix
4.  PayPal
5.  Microsoft
6.  Facebook
7.  Bank of America

****How the Search Parameter Injection Works****

The scam typically starts with a sponsored advertisement on Google, which directs users to the real company website. It is worth noting that instead of creating a fake website, these scammers use a clever technique called a search parameter injection attack.

This means they create a special, malicious web address that embeds their scam phone number into the real website’s search function. When a user clicks on a poisoned search result, they land on the brand’s actual support page. The web address in their browser will show the legitimate site, giving no cause for alarm.

However, the scammer’s fake phone number appears prominently within what looks like an official search result on the page itself. For instance, on Netflix, the site’s search function “blindly reflects whatever users put in the search query parameter without proper sanitization or validation,” creating a weakness the scammers exploit, Malwarebytes’ Pieter Arntz explained in the report shared with Hackread.com.

Source: Malwarebytes

Once a victim calls the fake number, the scammers pretend to be company representatives. Their goal is to get personal details, credit card information, or even gain remote access to the victim’s computer. If it’s a financial company like Bank of America or PayPal, the scammers aim to empty bank accounts.

Malwarebytes Browser Guard proved effective in catching these scams, displaying a warning about Search Hijacking Detected and explaining that unauthorized changes have occurred. However, some instances are harder to spot such as, on Apple’s support page, the fake number appears alongside a message stating no search matches were found, urging users to call the displayed number.

Source: Malwarebytes

****Stay Safe: Spotting the Red Flags****

To avoid falling victim, always be suspicious if a phone number appears directly in the web address bar, or if search terms like Call Now or Emergency Support are visible there. Watch out for many strange characters (like %20 or %2B) mixed with phone numbers in the URL. If a website shows a search result before you even type anything, that’s another warning sign. Any urgent language like Account suspended should also raise an alarm.

Moreover, before calling any support number, always look up the official contact details from a trusted source, like their social media pages, and compare it to the number you found. If they don’t match, investigate further. Finally, if during a call, you’re asked for personal or banking details unrelated to your issue, hang up immediately.

Scammers Insert Fake Support Numbers on Real Apple, Netflix, PayPal Pages

North Korean hackers deploy PylangGhost malware through fake crypto job interviews targeting blockchain professionals with phishing and remote access tools.

A new series of cyber attacks is targeting professionals in the crypto and blockchain industries using fake recruitment scams, according to new research by Cisco Talos. The attackers, linked to a North Korea-aligned group known as Famous Chollima, are impersonating legitimate companies to trick victims into installing malware disguised as video drivers.

The group has been active since at least mid-2024, previously known for tactics like fake developer job postings and fraudulent interview processes. This latest development shows the operation evolving in sophistication, now with a new Python-based malware called PylangGhost, a variant of the previously identified GolangGhost trojan.

****Real Jobseekers, Fake Companies****

Victims are approached by fake recruiters offering positions at companies that appear to be in the crypto sector. Targets are often software developers, marketers and designers with cryptocurrency experience.

Once contact is made, the victim is directed to a fake skill-assessment page designed to look like it belongs to a real company, including well-known names like Coinbase, Robinhood, Uniswap and others.

These pages use the React framework and closely mimic real corporate interfaces. After filling out personal information and completing the test, applicants are told they must record a video introduction for the hiring team. To do so, they’re asked to install “video drivers” by copying and pasting commands into their terminal.

That step downloads the malware.

****How the Malware Works****

According to Cicso Talos’ blog post, if the victim follows instructions on a Windows or MacOS system, a malicious ZIP file is pulled down. It contains the Python-based PylangGhost trojan and related scripts. The malware then unpacks itself, runs in the background and gives attackers remote access to the victim’s machine.

Screenshot of MacOS instructions prompting the user to copy, paste and run a malicious command line script (Image via Cisco Talos)

The Python version functions almost identically to its Go-based counterpart. It installs itself to run every time the system starts, collects system info, and connects to a command and control server. Once active, it can receive and execute remote commands, harvest credentials, and steal browser data, including passwords and crypto wallet keys.

According to Talos, it targets more than 80 different browser extensions, including widely used password managers and digital wallets like MetaMask, 1Password, NordPass and Phantom.

The malware uses RC4 encryption for communication with its server. Though the data stream is encrypted, the encryption key is sent along with the data, limiting the security of that method. Still, the setup helps it blend in with regular traffic and makes detection harder.

The goal of this operation is twofold. First, it allows attackers to gather sensitive personal data from real jobseekers. Second, it opens the door for fake employees to be placed inside real companies, which could lead to long-term infiltration and access to valuable financial data or software infrastructure.

Only a small number of victims have been confirmed so far, mostly in India. Linux users are not affected in this particular campaign. No Cisco customers appear to have been impacted at this time.

Talos notes that the malware’s development does not seem to involve AI code generation, and the structure of both the Python and Go versions suggests the same developers created both.

****Stay Safe****

If you’re applying for roles in crypto or tech, be cautious with job listings that ask you to install software or run terminal commands as part of an interview. Legitimate companies will not require this.

Cybersecurity teams should review employee onboarding processes, especially for remote hires, and educate staff about these types of social engineering attacks. Monitoring for unexpected outbound connections or strange ZIP downloads can also help catch early signs of compromise.

N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam

Zimperium zLabs reveals GodFather malware’s advanced virtualization that hijacks mobile banking and crypto apps. Learn how it steals data on your phone.

Cybersecurity researchers at Zimperium zLabs, led by Fernando Ortega and Vishnu Pratapagiri, have uncovered a dangerous new version of the GodFather Android malware using an advanced technique called on-device virtualization to take over legitimate mobile apps. It especially targets banking and cryptocurrency apps, effectively turning your own device into a spy.

****The Virtualization Trick****

Instead of just showing a fake image, the malware installs a hidden host app, which then downloads and runs a real copy of your banking or crypto app inside its own controlled space, a sandbox. When you try to open your actual app, the malware redirects you to this virtual version.

The malware then monitors and controls every action, tap, and word you type in real time, making it nearly impossible for you to notice anything wrong, since you are interacting with the real app, just in a manipulated environment. This sophisticated technique allows attackers to obtain usernames, passwords, and device PINs, obtaining complete control of your accounts.

This method gives attackers a huge advantage. They can steal sensitive data as you enter it, and even change how the app works, bypassing security checks including those that detect rooting a phone. Notably, the GodFather banking malware is built by repurposing several legitimate open-source tools, such as VirtualApp and XposedBridge, to execute its deceptive attacks and evade detection.

****Global Targets and Evasive Manoeuvres****

While GodFather employs its advanced virtualization, it also continues to use traditional overlay attacks, placing deceptive screens directly over legitimate applications. This dual approach shows the threat actors’ remarkable ability to adapt their methods.

According to the company’s blog post, the GodFather Android malware campaign is widespread, targeting 484 applications globally, though the highly advanced virtualization attack currently focuses on 12 specific Turkish financial institutions. This broad reach includes not just banking and cryptocurrency platforms, but also major global services for payments, e-commerce, social media, and communication.

The malware also uses clever tricks to avoid being found by security tools. It changes the way APK files (Android app packages) are put together, tampering with their structure to make them look encrypted or adding misleading information like $JADXBLOCK. It also moves much of its harmful code to the Java part of the app and makes its Android manifest file harder to read with irrelevant information.

Further probing revealed that GodFather still uses Android’s accessibility services (designed to help users with disabilities) to trick users into installing hidden parts of its application. It uses deceptive messages like “You need permission to use all the features of the application,” and once it gains accessibility permissions, it can secretly grant itself more permissions without user knowledge.

Also, the malware hides its important information, like where it connects to its control server (C2), in encoded form, making it harder to track. Once active, it sends details of your screen to the attackers, giving them a real-time view of your device. This discovery, hence, highlights the ongoing challenge in mobile security as threats become more complex and harder to spot.

_“_This is definitely a novel technique and I can see its potential,_“_ said Casey Ellis, Founder at Bugcrowd. _“_It will be interesting to see how effectively it actually is in the wild, whether or not the threat actors decide to deploy it outside of Turkiye, and if other threat actors attempt to replicate a similar approach._“_

GodFather Android Malware Runs Real Apps in a Sandbox to Steal Data

Miami, Florida, 18th June 2025, CyberNewsWire

**Miami, Florida, June 18th, 2025, CyberNewsWire**

**Halo Security’s Attack Surface Management Platform Honored for Exceptional Innovation and Successful Deployment Through The Channel**

Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. 

The MSP Today Product of the Year Award honors standout products and services that are reshaping the managed services landscape—delivered through the Channel and purpose-built to meet the evolving needs of end users. The Halo Security platform was selected for its innovation, performance, and its measurable impact on customers and partners alike.

The Halo Security Attack Surface Management Platform enables organizations and managed service providers (MSPs) to discover, monitor, and secure their internet-facing assets. The platform combines attacker-like discovery methods with ongoing security monitoring, vulnerability scanning, and expert-led penetration testing services to help organizations of all sizes identify and remediate security risks before they can be exploited.

Designed with the Channel in mind, the platform offers easy-to-use client management and reporting, along with seamless integrations into tools like Slack, Jira, and major cloud providers. The platform empowers MSPs to deliver scalable, high-impact security services with minimal setup and configuration. With built-in PCI compliance reporting, dark web monitoring, and dynamic application security testing (DAST), Halo Security gives partners and clients alike the visibility needed to stay ahead of evolving threats and meet their compliance goals.

> “Our mission has always been to give organizations and our channel partners deep visibility into their digital presence,” said Lisa Dowling, CEO of Halo Security. “This award is a testament to the innovation behind our platform, the dedication of our team, and the success our MSP partners are driving for their clients every day.”

> “It gives me great pleasure to recognize Halo Security as a 2025 recipient of TMC’s MSP Today Product of the Year Award for their innovative attack surface management solution,” said Rich Tehrani, CEO of TMC. “Our judges were thoroughly impressed not only by the strength and features of the product, but by Halo Security’s commitment to the Channel—empowering partners to deliver exceptional service and drive meaningful results for their clients.” 

Winners of the 2025 MSP Today Product of the Year Award will be featured on MSP Today, the definitive resource for managed service providers, as well as across TMCnet’s media platforms.

**About Halo Security**

Halo Security is a comprehensive external attack surface management platform that provides asset discovery, risk assessment, and penetration testing in a single, easy-to-use dashboard. Founded by cybersecurity experts with backgrounds at McAfee, Intel, Kenna Security, OneLogin, and WhiteHat Security, Halo Security delivers a unique attacker-based approach to help organizations safeguard against potential threats. Users can learn more at halosecurity.com.

**About MSP Today**

MSP Today is the premier online destination for MSPs (Managed Service Providers) and IT service providers worldwide. As the industry’s leading web portal, we are committed to delivering timely and relevant news, cutting-edge product information, and invaluable insights to empower MSPs and IT professionals to thrive in today’s rapidly evolving technology landscape. Whether you’re seeking in-depth articles on emerging technologies, comprehensive product reviews, or actionable tips to optimize your IT services, MSP Today is your go-to resource for all things MSP-related. Users can learn more at www.msptoday.com.

**About TMC**

For more than 20 years, TMC has been honoring technology companies with awards in various categories. These awards are regarded as some of the most prestigious and respected awards in the communications and technology sector worldwide. Winners represent prominent players in the market who consistently demonstrate the advancement of technologies. Each recipient is a verifiable leader in the marketplace. TMC also provides global buyers with valuable insights to make informed tech decisions through our editorial platforms, live events, webinars, and online advertising. Users can learn more at www.tmcnet.com.

**Contacts**

**Director of Partnerships**  
**Lauren Ladra**  
**Halo Security**  
**\[email protected\]**  
**415-799-4568**  
**Manager, TMC Awards**  
**Stephanie Thompson**  
**TMC**  
**\[email protected\]**  
**203-852-6800**

Source

HackRead