Global Telecommunications Company Secures Critical Networks
A leading global telecommunications company with large integrated satellite and terrestrial networks provides diverse services to telecommunications operators, enterprises, media companies, and government entities. They chose Eclypsium to provide better visibility and vulnerability management on thousands of Cisco and Juniper network devices critical to their global operations. Within 1-2 months, ... Read More

BTS #48 – Hardware Hacking Tips & Tricks
In this episode, Paul and Chase delve into the world of hardware hacking, focusing on devices like the Flipper Zero and ESP32. They discuss the various applications of these tools, their impact on awareness in the hacking community, and the security implications surrounding their use. The conversation also touches on ... Read More
5 Reasons to Secure Firmware in Financial Services Organizations
The post 5 Reasons to Secure Firmware in Financial Services Organizations appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise ... Read More
Eclypsium @ RSAC 2025
The post Eclypsium @ RSAC 2025 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise ... Read More

Juniper Routers, Network Devices Targeted with Custom Backdoors
Backdoored Juniper networking devices are at the center of two major cybersecurity stories that highlight the ongoing vulnerability and active targeting of network infrastructure by cyber adversaries. J-Magic and TINYSHELL The first story broke in January 2025, when researchers at Black Lotus Labs, a research arm of the ISP Lumen ... Read More
Eclypsium Earns Spot on Coveted 2025 CRN Partner Program Guide
Global Partner Program empowers partners to deliver top-tier supply chain security solutions to enterprise customers Portland, OR – March 24, 2025 – Eclypsium, a leader in infrastructure supply chain security, is proud to announce that it has been included in the prestigious 2025 CRN® Partner Program Guide. The guide is ... Read More

BTS #47 – BMC&C Part 3
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the latest vulnerability disclosures related to Baseboard Management Controllers (BMCs), specifically focusing on AMI Megarac and Redfish. They discuss the nature of the vulnerabilities, the discovery process, and the potential impacts of a BMC compromise. The conversation highlights ... Read More
BleepingComputer: Critical AMI MegaRAC bug can let attackers hijack, brick servers
​A new critical severity vulnerability found in American Megatrends International’s MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. Read More > The post BleepingComputer: Critical AMI MegaRAC bug can let attackers hijack, brick servers appeared first on Eclypsium | Supply Chain Security for ... Read More
CSO: Critical vulnerability in AMI MegaRAC BMC allows server takeover
AMI MegaRAC baseband management controller vulnerability enables attackers to bypass authentication on the Redfish API and deploy malware implants or brick servers. The post CSO: Critical vulnerability in AMI MegaRAC BMC allows server takeover appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise ... Read More

BMC&C: Redfish Alert 3
Remotely Exploitable AMI Vulnerabilities Introduce Risk In Cloud Infrastructure Supply Chain A continuation of BMC&C research and findings, exploring exploit chaining and post-exploit impact scenarios for data centers worldwide. BMC&C Vulnerabilities – Part 3 The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software ... Read More