IT, Telecom & Cyber · International (Houston)

Third-Party Patching and the Business Footprint We All Share reshapes IT, Telecom & Cyber sourcing priorities

Published Feb 28, 2026, 6:43 AM CST · International · Full category signal

In 60 seconds

Top move

Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates

Key takeaways

  • Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates.[3]
  • The lead signals for IT, Telecom & Cyber are no longer just descriptive; they point to immediate sourcing implications around market direction.[2]
  • Lead move: Author: Gene Moody, Field CTO at Action1. When security teams talk about attack surface, the conversation usually starts in familiar places.[1]

What changed since last run

  • Lead coverage has rotated toward "Third-Party Patching and the Business Footprint We All Share", shifting the brief toward more immediate execution implications.

Key facts

  • Author: Gene Moody, Field CTO at Action1 When security teams talk about attack surface, the c
  • At Action1, where visibility into third-party software exposure across endpoints is a daily f
  • That familiarity shapes how campaigns are built, and it should influence how defense strategi
  • Figure 1: Automated detection and remediation of critical vulnerabilities in third-party appl
  • Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURG
  • CISA originally documented the malware on March 28 last year, saying that it can survive rebo

Why it matters

The lead signals for IT, Telecom & Cyber are no longer just descriptive; they point to immediate sourcing implications around market direction. Lead move: Author: Gene Moody, Field CTO at Action1. When security teams talk about attack surface, the conversation usually starts in familiar places. That shifts IT, Telecom & Cyber focus toward market direction and changes the ask to Microsoft. The practical read-through is that buyers should tighten supplier challenge, pricing discipline, and contract optionality before the next decision gate.

Cost / money

  • Signal: Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. That shifts IT, Telecom & Cyber focus toward cost pressure and changes the ask to Cisco.[3]
  • Signal: The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid. That shifts IT, Telecom & Cyber focus toward cost pressure and changes the ask to Zscaler.[2]
  • The cost angle is directional, not quantified: moving work offsite can cut travel, rotation, and accommodation exposure, but only if the remote setup stays reliable.[3]

Supplier / commercial

  • This matters for IT, Telecom & Cyber because the signal changes the near-term supplier conversation, especially around price discipline, optionality, and execution readiness.[3]
  • This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 2025-0282, 28, 2024 as the clearest commercial anchors; expect bundling platform offers.[2]
  • This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, exit/portability clauses, and negotiation guardrails with 3.3.0, 99, 12 as the clearest commercial anchors; expect security advisory cadence.[1]
  • Keep dual-sourcing and standby options live. Maintain commercial optionality until supplier behavior is confirmed in quotes or execution plans.[3]

Safety / operations

  • Fewer people offshore can reduce exposure and emergency-response load, but the operating model becomes more dependent on connectivity resilience, remote support readiness, and cyber hygiene.[3]

What to watch

  • Watch whether Third-Party Patching and the Business Footprint develops into a confirmed sourcing constraint rather than an isolated headline.[3]
  • Watch whether Microsoft starts using CISA warns that RESURGE malware can as a repricing reference in quotes, escalator asks, or budget resets.[2]
  • Watch whether Zscaler starts using APT37 hackers use new malware to as a repricing reference in quotes, escalator asks, or budget resets.[1]
  • Third-Party Patching and the Business Footprint creates market direction. Trigger: Author: Gene Moody, Field CTO at Action1. When security teams talk about attack surface, the conversation usually starts in familiar places.[3]

Top stories

Story 1 · BleepingComputer · Feb 27, 2026

Third-Party Patching and the Business Footprint We All Share

Signal strong · Source-grounded

What happened

Author: Gene Moody, Field CTO at Action1. When security teams talk about attack surface, the conversation usually starts in familiar places. At Action1, where visibility into third-party software exposure across endpoints is a daily focus, these background tools consistently emerge as a defining part of the real-world attack surface. This matters for IT, Telecom & Cyber because the signal changes the near-term supplier conversation, especially around price discipline, optionality, and execution readiness.

Buyer takeaway

For IT, Telecom & Cyber, this is a staffing-shape signal: remote operating models can shift work offsite and change which suppliers, systems, and service levels matter most

Cost / money

The cost angle is directional, not quantified: moving work offsite can cut travel, rotation, and accommodation exposure, but only if the remote setup stays reliable

Supplier / commercial

Expect scope to move toward software support, communications uptime, cyber obligations, and clearer downtime liability instead of only offshore headcount or hardware supply

Safety / operations

Fewer people offshore can reduce exposure and emergency-response load, but the operating model becomes more dependent on connectivity resilience, remote support readiness, and cyber hygiene

What to watch

Watch for connectivity reliability, remote-support response times, and whether the operating model can safely revert onsite if needed

Key facts

  • Author: Gene Moody, Field CTO at Action1 When security teams talk about attack surface, the c
  • At Action1, where visibility into third-party software exposure across endpoints is a daily f
  • That familiarity shapes how campaigns are built, and it should influence how defense strategi
  • Figure 1: Automated detection and remediation of critical vulnerabilities in third-party appl

Story 2 · BleepingComputer · Feb 27, 2026

CISA warns that RESURGE malware can be dormant on Ivanti devices

Signal strong · Source-grounded

What happened

Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. CISA originally documented the malware on March 28 last year, saying that it can survive reboots, create webshells for stealing credentials, create accounts, reset passwords, and escalate privileges. This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 2025-0282, 28, 2024 as the clearest commercial anchors; expect bundling platform offers

Buyer takeaway

For IT, Telecom & Cyber, this is a staffing-shape signal: remote operating models can shift work offsite and change which suppliers, systems, and service levels matter most

Cost / money

The cost angle is directional, not quantified: moving work offsite can cut travel, rotation, and accommodation exposure, but only if the remote setup stays reliable

Supplier / commercial

Expect scope to move toward software support, communications uptime, cyber obligations, and clearer downtime liability instead of only offshore headcount or hardware supply

Safety / operations

Fewer people offshore can reduce exposure and emergency-response load, but the operating model becomes more dependent on connectivity resilience, remote support readiness, and cyber hygiene

What to watch

Watch bandwidth resilience, latency tolerance, cyber obligations, and who carries downtime cost if the remote link drops

Key facts

  • Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURG
  • CISA originally documented the malware on March 28 last year, saying that it can survive rebo
  • According to researchers at incident response company Mandiant, the critical CVE-2025-0282 vu
  • Network-level evasion CISA's updated bulletin provides additional technical information on RE

Story 3 · BleepingComputer · Feb 27, 2026

APT37 hackers use new malware to breach air-gapped networks

Signal strong · Source-grounded

What happened

The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid. Researchers at cloud security company Zscaler analyzed the malware employed in APT37's Ruby Jumper campaign and identified a toolkit of five malicious tools: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, and FOOTWINE. This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, exit/portability clauses, and negotiation guardrails with 3.3.0, 99, 12 as the clearest commercial anchors; expect security advisory cadence

Buyer takeaway

For IT, Telecom & Cyber, this is a staffing-shape signal: remote operating models can shift work offsite and change which suppliers, systems, and service levels matter most

Cost / money

The cost angle is directional, not quantified: moving work offsite can cut travel, rotation, and accommodation exposure, but only if the remote setup stays reliable

Supplier / commercial

Expect scope to move toward software support, communications uptime, cyber obligations, and clearer downtime liability instead of only offshore headcount or hardware supply

Safety / operations

Fewer people offshore can reduce exposure and emergency-response load, but the operating model becomes more dependent on connectivity resilience, remote support readiness, and cyber hygiene

What to watch

Watch bandwidth resilience, latency tolerance, cyber obligations, and who carries downtime cost if the remote link drops

Key facts

  • The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group
  • Researchers at cloud security company Zscaler analyzed the malware employed in APT37's Ruby J
  • The PowerShell script loads the first malware component, called RESTLEAF, an implant that com
  • RESTLEAF fetches encrypted shellcode from the C2 to download the next-stage payload, a Ruby-b

VP Snapshot

Executive Risk & Action View

The biggest executive exposure for IT, Telecom & Cyber is market direction because today's lead stories point to faster-moving supplier and commercial decisions than the current brief cadence alone would suggest.

  • Overall: 68
  • Cost: 71
  • Supply: 30
  • Schedule: 22
  • Compliance: 15

Top signals

180d+ · supplier

Signal 1: Third-Party Patching and the Business Footprint

This matters for IT, Telecom & Cyber because the signal changes the near-term supplier conversation, especially around price discipline, optionality, and execution readiness.

30-180d · cost

Signal 2: CISA warns that RESURGE malware can

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 2025-0282, 28, 2024 as the clearest commercial anchors; expect bundling platform offers.

Signal 3: APT37 hackers use new malware to

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, exit/portability clauses, and negotiation guardrails with 3.3.0, 99, 12 as the clearest commercial anchors; expect security advisory cadence.

Recommended actions

Category Manager · Due 5d

Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates.

This should improve negotiating posture and reduce surprise exposure against the commercial leverage now visible in the brief.

Contracts · Due 10d

Email Microsoft to reconfirm license renewals, keep quote validity short around CISA warns that RESURGE malware can, and push for breach response SLAs instead of open-ended surcharge language.

This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

Category Manager · Due 21d

Email Zscaler to reconfirm license renewals, keep quote validity short around APT37 hackers use new malware to, and push for breach response SLAs instead of open-ended surcharge language.

This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

Risk register

Risk: Third-Party Patching and the Business Footprint creates market direction.
Trigger: Author: Gene Moody, Field CTO at Action1. When security teams talk about attack surface, the conversation usually starts in familiar places.
Mitigation: Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates.

Risk: CISA warns that RESURGE malware can creates cost pressure.
Trigger: Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices.
Mitigation: Email Microsoft to reconfirm license renewals, keep quote validity short around CISA warns that RESURGE malware can, and push for breach response SLAs instead of open-ended surcharge language.

Risk: APT37 hackers use new malware to creates cost pressure.
Trigger: The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid.
Mitigation: Email Zscaler to reconfirm license renewals, keep quote validity short around APT37 hackers use new malware to, and push for breach response SLAs instead of open-ended surcharge language.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates.

This matters for IT, Telecom & Cyber because the signal changes the near-term supplier conversation, especially around price discipline, optionality, and execution readiness.

Due 3d

medium

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Email Microsoft to reconfirm license renewals, keep quote validity short around CISA warns that RESURGE malware can, and push for breach response SLAs instead of open-ended surcharge language.

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 2025-0282, 28, 2024 as the clearest commercial anchors; expect bundling platform offers.

Due 7d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Email Zscaler to reconfirm license renewals, keep quote validity short around APT37 hackers use new malware to, and push for breach response SLAs instead of open-ended surcharge language.

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, exit/portability clauses, and negotiation guardrails with 3.3.0, 99, 12 as the clearest commercial anchors; expect security advisory cadence.

Due 10d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Supplier radar

Microsoft

medium

Observed supplier signal

Author: Gene Moody, Field CTO at Action1. When security teams talk about attack surface, the conversation usually starts in familiar places.

Commercial implication

This matters for IT, Telecom & Cyber because the signal changes the near-term supplier conversation, especially around price discipline, optionality, and execution readiness.

Next step: Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates.

Cisco

high

Observed supplier signal

Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices.

Commercial implication

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 2025-0282, 28, 2024 as the clearest commercial anchors; expect bundling platform offers.

Next step: Email Microsoft to reconfirm license renewals, keep quote validity short around CISA warns that RESURGE malware can, and push for breach response SLAs instead of open-ended surcharge language.

Zscaler

high

Observed supplier signal

The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid.

Commercial implication

This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, exit/portability clauses, and negotiation guardrails with 3.3.0, 99, 12 as the clearest commercial anchors; expect security advisory cadence.

Next step: Email Zscaler to reconfirm license renewals, keep quote validity short around APT37 hackers use new malware to, and push for breach response SLAs instead of open-ended surcharge language.

Negotiation levers

Keep dual-sourcing and standby options live

When to use: Use when Third-Party Patching and the Business Footprint increases uncertainty but the evidence is still early-stage.

Expected outcome: Maintain commercial optionality until supplier behavior is confirmed in quotes or execution plans.

Commercial mechanism to carry into the next supplier conversation

Use Price caps/collars

When to use: Use when Cisco cites CISA warns that RESURGE malware can to justify immediate repricing or wider surcharge language.

Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

Commercial mechanism to carry into the next supplier conversation

Use Exit/portability clauses

When to use: Use when Zscaler cites APT37 hackers use new malware to to justify immediate repricing or wider surcharge language.

Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

Commercial mechanism to carry into the next supplier conversation

Talking points

IT, Telecom & Cyber conditions are now tactical: the latest signals justify immediate outreach to Microsoft and a clause-by-clause contract refresh.
Use today's signal mix to challenge license renewals, confirm vendor support coverage, and preserve fallback options before leverage deteriorates.

Negotiation levers

  • Keep dual-sourcing and standby options live. When to use: Use when Third-Party Patching and the Business Footprint increases uncertainty but the evidence is still early-stage. Expected outcome: Maintain commercial optionality until supplier behavior is confirmed in quotes or execution plans.

    medium confidence

  • Use Price caps/collars. When to use: Use when Cisco cites CISA warns that RESURGE malware can to justify immediate repricing or wider surcharge language. Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

    high confidence

  • Use Exit/portability clauses. When to use: Use when Zscaler cites APT37 hackers use new malware to to justify immediate repricing or wider surcharge language. Expected outcome: Limit upside cost exposure while preserving awardability for time-sensitive work and keeping the supplier commercially engaged.

    high confidence

What to do / What to watch

What to do now

  • Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates.

    Why: This matters for IT, Telecom & Cyber because the signal changes the near-term supplier conversation, especially around price discipline, optionality, and execution readiness.

    Owner: Category

    Expected outcome: Complete this within 3 days to reduce buyer surprise and tighten near-term sourcing control.

    [3]
  • Email Microsoft to reconfirm license renewals, keep quote validity short around CISA warns that RESURGE malware can, and push for breach response SLAs instead of open-ended surcharge language.

    Why: This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, price caps/collars, and negotiation guardrails with 2025-0282, 28, 2024 as the clearest commercial anchors; expect bundling platform offers.

    Owner: Category

    Expected outcome: Complete this within 7 days to reduce buyer surprise and tighten near-term sourcing control.

    [2]
  • Email Zscaler to reconfirm license renewals, keep quote validity short around APT37 hackers use new malware to, and push for breach response SLAs instead of open-ended surcharge language.

    Why: This matters for IT, Telecom & Cyber because fresh price movement and input-cost detail should reset bid assumptions, exit/portability clauses, and negotiation guardrails with 3.3.0, 99, 12 as the clearest commercial anchors; expect security advisory cadence.

    Owner: Category

    Expected outcome: Complete this within 10 days to reduce buyer surprise and tighten near-term sourcing control.

    [1]

Next few weeks

  • Re-rank the supplier conversation with Microsoft around Third-Party Patching and the Business Footprint and confirm what commercial flexibility still exists before market leverage deteriorates.

    Why: Move now because this should improve negotiating posture and reduce surprise exposure against the commercial leverage now visible in the brief.

    Owner: Category

    Expected outcome: This should improve negotiating posture and reduce surprise exposure against the commercial leverage now visible in the brief.

    [3]
  • Email Microsoft to reconfirm license renewals, keep quote validity short around CISA warns that RESURGE malware can, and push for breach response SLAs instead of open-ended surcharge language.

    Why: Move now because this should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    Owner: Contracts

    Expected outcome: This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    [2]
  • Email Zscaler to reconfirm license renewals, keep quote validity short around APT37 hackers use new malware to, and push for breach response SLAs instead of open-ended surcharge language.

    Why: Move now because this should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    Owner: Category

    Expected outcome: This should improve negotiating posture and reduce surprise exposure against the market direction now visible in the brief.

    [1]
  • Prepare "Keep dual-sourcing and standby options live" for the next negotiation cycle.

    Why: Deploy it when Third-Party Patching and the Business Footprint increases uncertainty but the evidence is still early-stage.

    Owner: Contracts

    Expected outcome: Maintain commercial optionality until supplier behavior is confirmed in quotes or execution plans.

    [3]

Longer view

  • Use the current signal mix to tighten quarter-ahead sourcing scenarios and supplier optionality plans.

    Why: Prepare now because repeated cross-source signals are pointing to a more fragile commercial environment than a headline-only read suggests.

    Owner: Category

    Expected outcome: A cleaner quarter-ahead demand, budget, and fallback-supplier plan.

    [3]

What to watch

  • Watch whether Third-Party Patching and the Business Footprint develops into a confirmed sourcing constraint rather than an isolated headline
  • Watch whether Microsoft starts using CISA warns that RESURGE malware can as a repricing reference in quotes, escalator asks, or budget resets
  • Watch whether Zscaler starts using APT37 hackers use new malware to as a repricing reference in quotes, escalator asks, or budget resets
  • Third-Party Patching and the Business Footprint creates market direction: Author: Gene Moody, Field CTO at Action1. When security teams talk about attack surface, the conversation usually starts in familiar places
  • CISA warns that RESURGE malware can creates cost pressure: Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices
  • APT37 hackers use new malware to creates cost pressure: The malicious campaign has been named Ruby Jumper and is attributed to the state-backed group APT37, also known as ScarCruft, Ricochet Chollima, and InkySquid
  • IT, Telecom & Cyber conditions are now tactical: the latest signals justify immediate outreach to Microsoft and a clause-by-clause contract refresh
  • Use today's signal mix to challenge license renewals, confirm vendor support coverage, and preserve fallback options before leverage deteriorates

Market pulse

Index               Latest   Change            As of
Palo Alto (PANW)    320      +0.00 (+0.00%)    Feb 28, 2026, 12:51 PM
CrowdStrike (CRWD)  285      +0.00 (+0.00%)    Feb 28, 2026, 12:51 PM
Zscaler (ZS)        195      +0.00 (+0.00%)    Feb 28, 2026, 12:51 PM
Fortinet (FTNT)     72       +0.00 (+0.00%)    Feb 28, 2026, 12:51 PM

  • Palo Alto: Palo Alto should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • CrowdStrike: CrowdStrike should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • Zscaler: Zscaler should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle
  • Fortinet: Fortinet should be used as a negotiation boundary for IT, Telecom & Cyber pricing, supplier challenge sessions, and contingency budgeting this cycle

Sources

[1] APT37 hackers use new malware to breach air-gapped networks

bleepingcomputer.com · Feb 27, 2026

[2] CISA warns that RESURGE malware can be dormant on Ivanti devices

bleepingcomputer.com · Feb 27, 2026

[3] Third-Party Patching and the Business Footprint We All Share

bleepingcomputer.com · Feb 27, 2026

[4] Palo Alto

finance.yahoo.com · n.d.

[5] CrowdStrike

finance.yahoo.com · n.d.

[6] Zscaler

finance.yahoo.com · n.d.

[7] Fortinet

finance.yahoo.com · n.d.
