RSA Conference is fast approaching (and I'll be there representing MSSP Alert, so say hello if you see me!), but the resources, content and community don't have to end when the conference does.
RSAC is expanding beyond the RSA Conference with a new membership platform that will be available year round.
The platform offers a dedicated cybersecurity AI co-pilot, original security research from RSAC’s just-announced Labs team, a curated daily news brief, end-to-end encrypted secure chat, and a vast library of unique content pulled from decades of RSAC Conference sessions.
Convening once a year is no longer enough for the cyber community to stay ahead of today’s threats. And as trust in traditional platforms (X, email, etc.) has eroded due to AI, data, and privacy risks, cyber professionals are seeking connection and support in more secure online communities and forums, RSAC said.
The launch of the membership platform follows the organization’s January rebranding to “RSAC” as the larger organization year-round, and “RSAC Conference” as the event name.
Now, here's today's MSSP update. Drop me a line at sharon.florentine@cyberriskalliance.com if you have news to share or want to say hi!
Today's MSSP Update
1. Veza's identity partner program: Identity security provider Veza is launching the Veza Identity Partner Program (VIPP), its first global program for resellers and channel partners. Designed to accelerate go-to-market success and foster strategic partnerships, VIPP focuses on empowering select partners within key ecosystems, including Value-Added Resellers (VARs), Global System Integrators (GSIs), Cloud Service Providers (CSPs), and Strategic Alliances.
2. CIOSO Global, Q-Net Security partnership: CIOSO Global and Q-Net Security have announced a strategic partnership to advance cybersecurity through hardware-based solutions. The collaboration brings together CIOSO Global’s advisory expertise and Q-Net Security’s silicon-based encryption technology to help organizations defend against emerging threats, including those driven by AI and quantum computing. Q-Net’s solution offers a “drop-in, set-and-forget” approach that operates independently of software environments. It eliminates common vulnerabilities like zero-day exploits, constant patching, and software-based decryption risks.
3. ImmuniWeb launches free Website, privacy certification: ImmuniWeb is set to launch a Free Website Security and Privacy Certification Program through its ImmuniWeb Community Edition. The ImmuniWeb Community Edition has offered online security tests since 2019, and ImmuniWeb is building on that foundation with PDF certificates and digital badges for websites that achieve an “A” grade in website security, privacy, or SSL tests. These new offerings will allow organizations to demonstrate their cybersecurity ability and dedication to privacy, which will improve trust and compliance.
4. WordPress vulnerabilities: Over 20,000 WordPress sites are impacted by a pair of high-severity flaws in the WP Ultimate CSV Importer plugin, which could be exploited to facilitate total site compromise for authenticated users with elevated privileges, according to Infosecurity Magazine. The arbitrary file upload bug, tracked as CVE-2025-2008, is the most severe of the vulnerabilities; it arises from improper file type validation within one of the plugin's functions and could be leveraged to allow remote code execution and site hijacking, according to a Wordfence alert. The arbitrary file deletion issue, tracked as CVE-2025-2007, has already been addressed by Smackcoders, who developed the plugin.
5. Teams vishing scam: Threat actors have leveraged Microsoft Teams and other tools to facilitate a malware-spreading voice phishing scam, according to Hackread. Attacks begin with the delivery of a malicious Microsoft Teams message alongside a vishing call to lure targets into executing a payload-downloading PowerShell command. Quick Assist is later leveraged to facilitate remote access, as an analysis from Ontinue's Cyber Defense Centre showed.
