Rezonate raises $8.7M and launches its cloud identity protection platform out of stealth

Rezonate, a Boston- and Tel Aviv-based startup that offers an agent-less cloud identity protection platform that aims to help DevOps teams minimize attackers’ opportunities to breach cloud identity and access, is coming out of stealth today and announcing an $8.7 million seed funding round, led by State of Mind Ventures and Flybridge, with participation from toDay Ventures, Merlin Ventures and a number of angel investors.

Founded in January 2022, Rezonate is part of a group of modern identity and access management (IAM) startups that aim to modernize the current state of affairs in this space, which is struggling to meet the demands of modern cloud infrastructure systems. This shift is creating new attack surfaces, especially as enterprises move to the cloud — and more dynamic infrastructure systems — at an ever-increasing rate. The number of security breaches stemming from issues with identity and access management is already on the rise. Indeed, Gartner expects that by 2023, “75% of security failures will result from inadequate management of identities, access, and privileges.”

Image Credits: Rezonate

Co-founder and CEO Roy Akerman was previously the head of the Israeli Cyberdefense Operations, while Rezonate co-founder and CTO Ori Amiga previously led R&D for this unit. Both received the Medal of Honor for their contributions to Israel’s National Security.

“The rapidly-changing cloudscape together with the proliferation of human and machine identities requires a different approach,” said Akerman. “Modern infrastructures require a precise and nimble way to outsmart attackers. One that prioritizes cloud identities and access at its core and is constantly adapting to current dynamics over yesterday’s snapshots and, for the first time, gives defenders and builders the means to act confidently.”

Image Credits: Rezonate

Rezonate promises to discover all of a company’s cloud and identity providers and the corresponding access privileges of its employees. The platform automatically detects security gaps and abnormal access attempts in real time. Rezonate promises that within minutes of deploying its solution, its platform can identify cloud identity and access risks and provide guidance for remediating them, or even automatically remove access and terminate sessions.

At the core of all of this is what Rezonate calls its ‘Identity Storyline,’ which aims to provide DevOps and security teams with a context-rich dashboard that helps them understand the security risk across a company’s cloud estate. With this, users get an easy-to-read dashboard that clearly lays out what kind of access every user has — and where there are potential issues.

“The fact that in just ten months from our first line of code we already have active customers, solving key gaps daily, affirms the criticality of the cloud identity and access issue. In a cloud world where everything is changing all of the time, DevOps teams need a solution as dynamic and automated as the infrastructure they need to protect is,” said Amiga.

Rezonate raises $8.7M and launches its cloud identity protection platform out of stealth by Frederic Lardinois originally published on TechCrunch

Tres raises $7.6M to help web3 teams manage their financials and crypto data

Tres, a financial “data lake” for web3 companies, has raised $7.6 million in a seed round led by boldstart ventures, its founder and CEO Tal Zackon, exclusively shared with TechCrunch.

Investors include F2, The Chainsmokers’ venture fund Mantis, New Form Capital, Kenetic Capital, Blockdaemon Ventures and Alchemy. As well as angel investors like Fireblocks CEO Michael Shaulov and Chainalysis CEO Michael Gronager, among others.

The Tel Aviv-based firm aggregates crypto data across different wallets, accounts and platforms, so crypto entities’ financial teams can better understand what’s happening internally at their business without needing the crypto-native knowledge and experience to gather the information, Zackon said.

Its platform can onboard any on-chain or centralized finance data sources and enable financial workflows like balance calculations or auditing and reporting so businesses can monitor and manage their web3 assets both on-ramp and off-ramp, Zackon added. “The thing about having all the data related to your business in a data lake in a format that you need with raw data and financial data, there’s no need to manually gather the data, move it around, edit it and do calculations.”

“CFOs are really struggling to understand what is happening within their financial parameters because they didn’t grow up in this space, it’s different from traditional finance with new protocols and products coming up all the time,” Zackon said. “They don’t know how to handle it.”

The capital will be used to hire as well as build out its product, Zackon said. “I think today we’re really working on onboarding customers and developing the product for their needs and pains. The more we add, the deeper these use cases become and more use cases will open up.”

As it stands, there’s little technology or platforms out there to help web3 companies manage their finances, Zackon said. “They’re mainly using excel spreadsheets and block explorers like etherscan to manage thousands of their wallets, with hundreds to billions of dollars – manually — which is madness. That’s why we created this.”

“We’re able to go cross-chain, cross-protocol, cross wallet, on-chain and off-chain,” Zackon said. “Adding data whether it’s on Coinbase, Solana or somewhere else – all we need is your wallet address and we can pull all the transactions from all the wallets into one data lake. Something like that doesn’t exist today, you have to look at Ethereum data or Solana data one at a time. But on our platform you can look at it altogether and slice it how you want.”

To date, Tres has monitored and analyzed over $40 billion of crypto assets for customers like Hivemind Capital, non-custodial staking platform Stakely and blockchain infrastructure firm Blockdaemon across the US, Israel and Europe, its press release stated.

Although the current crypto market is wavering, the downturn and bearish sentiment is “actually a positive” for Tres, Zackon said.

“When everything is going up and everyone is making money, no one cares about finance,” Zackon said. “But when things start going sideways, you have to think about what you’re actually worth, how much runway you have, where the money is.”

At the end of the day, Tres hopes to become the “financial backbone” to crypto organizations, Zackon said.

Tres raises $7.6M to help web3 teams manage their financials and crypto data by Jacquelyn Melinek originally published on TechCrunch

Cymulate snaps up $70M to help cybersecurity teams stress test their networks with attack simulations

The cost of cybercrime has been growing at an alarming rate of 15% per year, projected to reach $10.5 trillion by 2025. To cope with the challenges that this poses, organizations are turning to a growing range of AI-powered tools to supplement their existing security software and the work of their security teams. Today, a startup called Cymulate — which has built a platform to help those teams automatically and continuously stress test their networks against potential attacks with simulations, and provide guidance on how to improve their systems to ward off real attacks — is announcing a significant round of growth funding after seeing strong demand for its tools.

The startup — founded in Tel Aviv, with a second base in New York — has raised $70 million, a Series D that it will be using to continue expanding globally and investing in expanding its technology (both organically and potentially through acquisitions).

Today, Cymulate’s platform covers both on-premise and cloud networks, providing breach and attack simulations for endpoints, email and web gateways and more; automated “red teaming”; and a “purple teaming” facility to create and launch different security breach scenarios for organizations that lack the resources to dedicate people to a live red team — in all, a “holistic” solution for companies looking to make sure they are getting the most out of the network security architecture that they already have in place, in the worlds of Eyal Wachsman, Cymulate’s CEO.

“We are providing our customers with a different approach for how to do cybersecurity and get insights [on]  all the products already implemented in a network,” he said in an interview. The resulting platform has found particular traction in the current market climate. Although companies continue to invest in their security architecture, security teams are also feeling the market squeeze, which is impacting IT budgets, and sometimes headcount in an industry that was already facing a shortage of expertise. (Cymulate cites figures from the U.S. National Institute of Standards and Technology that estimate a shortfall of 2.72 million security professionals in the workforce globally.)

The idea with Cymulate is that it’s built something that helps organizations get the most out of what they already have. “And at the end, we provide our customers the ability to prioritize where they need to invest, in terms of closing gaps in their environment,” Wachsman said.

The round is being led by One Peak, with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and strategic backer Dell Technologies Capital also participating. (All five also backed Cymulate in its $45 million Series C last year.) Relatively speaking, this is a big round for Cymulate, doubling its total raised to $141 million, and while the startup is not disclosing its valuation, I understand from sources that it is around the $500 million mark.

Wachsman noted that the funding is coming on the heels of a big year for the startup (the irony being that the constantly escalating issue of cybersecurity and growing threat landscape spells good news for companies built to combat that). Revenues have doubled, although it’s not disclosing any numbers today, and the company is now at over 200 employees and works with some 500 paying customers across the enterprise and mid-market, including NTT, Telit, and Euronext, up from 300 customers a year ago.

Wachsman, who co-founded the company with Avihai Ben-Yossef and Eyal Gruner, said he first thought of the idea of building a platform to continuously test an organization’s threat posture in 2016, after years of working in cybersecurity consulting for other companies. He found that no matter how much effort his customers and outside consultants put into architecting security solutions annually or semi-annually, those gains were potentially lost each time a malicious hacker made an unexpected move.

“If the bad guys decided to penetrate the organization, they could, so we needed to find a different approach,” he said. He looked to AI and machine learning for the solution, a complement to everything already in the organization, to build “a machine that allows you to test your security controls and security posture, continuously and on demand, and to get the results immediately… one step before the hackers.”

Last year, Wachsman described Cymulate’s approach to me as “the largest cybersecurity consulting firm without consultants,” but in reality the company does have its own large in-house team of cybersecurity researchers, white-hat hackers who are trying to find new holes — new bugs, zero days and other vulnerabilities — to develop the intelligence that powers Cymulate’s platform.

These insights are then combined with other assets, for example the MITRE ATT&CK framework, a knowledge base of threats, tactics and techniques used by a number of other cybersecurity services, including others building continuous validation services that compete with Cymulate. (Competitors include the likes of FireEye, Palo Alto Networks, RandoriAttackIQ and many more.)

Cymulate’s work comes in the form of network maps that detail a company’s threat profile, with technical recommendations for remediation and mitigations, as well as an executive summary that can be presented to financial teams and management who might be auditing security spend. It also has built tools for running security checks when integrating any services or IT with third parties, for instance in the event of an M&A process or when working in a supply chain.

Today the company focuses on network security, which is big enough in itself but also leaves the door open for Cymulate to acquire companies in other areas like application security — or to build that for itself. “This is something on our roadmap,” said Wachsman.

If potential M&A leads to more fundraising for Cymulate, it helps that the startup is in one of the handful of categories that are going to continue to see a lot of attention from investors.

“Cybersecurity is clearly an area that we think will benefit from the current macroeconomic environment, versus maybe some of the more capital-intensive businesses like consumer internet or food delivery,” said David Klein, a managing partner at One Peak. Within that, he added, “The best companies [are those] that are mission critical for their customers… Those will continue to attract very good multiples.”

Rookout raises $16M Series B to scale its developer-first observability platform

Rookout, the Tel Aviv-based startup that describes itself as a ‘developer-first observability platform,’ today announced that it has raised a $16 million Series B funding round led by Fort Ross Ventures. Existing investors TLV Partners, Emerge and Cisco Investments, as well as new investors LIAN Group, Mighty Capital and Binder & Partners, also participated in this round, which brings the company’s total funding to over $28 million.

The promise of Rookout is to give engineers more data about how their code runs in production. That, the company argues, sets it apart from more traditional monitoring tools which tend to focus more on the infrastructure and helping SREs do their job, and not the live code and business logic that developers care about.

Image Credits: Rookout

“We’re trying to give developers ownership over production — because that’s what we care about,” Rookout CEO Liran Haimovitch told me. “At Rookout, with 20 engineers, I don’t care what they’re doing on their laptops. I honestly don’t care. I care about what their code is doing in production. I think every engineering leader out there is feeling the same. But traditionally, engineers didn’t have access to what’s going on in production, and you can’t really make people care about something if you’re keeping them away from it.”

The company’s live debugging features are at the core of its toolset, powered by its dynamic instrumentation capabilities that enable developers to set what the company calls ‘non-breaking breakpoints’ to collect live data and debug their applications in production. But the tool also integrates data from tracing tools like OpenTracing and OpenTelemtry, as well as various other third-party logging services.

The company says its customer base now includes the likes of Amdocs, Cisco, Dynatrace, Jobvite, Santander Bank and UPS. Since its last funding round in 2019, Rookout saw its revenue increase by 20x.

“We’ve been impressed with Rookout’s execution of its groundbreaking solution, alongside the rapid trajectory of its growing customer base and significant expansion momentum within the enterprise,” said Sharin Fisher Dibrov, partner at Fort Ross Ventures. “We are coming to a third wave of observability tools which shifts everything further left, and we’re excited to support Rookout’s journey and backing [Rookout CEO] Shahar [Fogel], Liran, and the team as the category-defining leader in developer-first observability.”

Guesty books $170M to double down on property management tools for Airbnb and other rental platforms

Platforms like Airbnb have boomed with more consumers (and business users) than ever before keen stay in private properties when traveling or working away from their usual home base. That’s also meant a boom for startups building technology to help those renting out properties to manage the process. Guesty — which has built a platform to manage property listings across multiple sites like Airbnb, Vrbo, Expedia and — is today announcing that it has raised $170 million, an all-equity round that it will be using to continue fueling its growth, and to tap deeper into providing tools to address our changing habits as consumers.

“With the ways people live, work, socialize and travel having shifted, the lines between traditional hotels and rental accomodations continue to blur,” co-founder and CEO Amiad Soto told me in an interview. “Hospitality operators — everyone from hosts to property managers to hotel brands — are continuing to adapt to this new reality. The last few years brought new customer personas to the short-term rental market, including classic hotel-goers who have higher demands for guest experiences and services.”

Apax Digital Funds, MSD Partners and Sixth Street Growth co-led the round for Tel Aviv-based Guesty, with previous backers Viola Growth and Flashpoint also participating — motivated in part by that vision of a changing travel and living landscape.

“As alternative property management operations become more complex, Guesty is paving the way for the next generation of digital hospitality services,” said Dave Evans, a partner at Apax Digital, in a statement. “Their track record of success and innovation, along with their platform’s growing suite of tools and intuitive user experience has Guesty positioned to define and consolidate its category, working with hosting businesses of all sizes. We are excited to continue partnering with the company as it continues to transform the industry.”

This is an all-equity Series E, Soto said in our interview (via email, because, coincidentally, I happen to be traveling myself). Soto didn’t say at which valuation, but he told me that the figure had tripled since its last round (a $50 million injection in 2021). PitchBook notes that last round was at a $230 million valuation; if that’s accurate it would put today’s round at $690 million. (We’ll update as and when we learn more.) The company is not yet profitable, Soto said, but it’s aiming for it next year, when it is also on course to surpass $100 million in ARR in the first six months.

The size of the round is big, but perhaps especially notable given the constraints that fundraising has been under in general this year. It’s also a measure of where Guesty is today, and where it’s going.

Soto and Guesty are not disclosing how many properties managed using its platform but directionally say the numbers are growing. “We expect our revenue and listings under management to continue to double year-over-year, both in 2022 and 2023,” Soto told me. (For a point of reference, the last time we reported the number was at the time of a $35 million funding round in 2019, when it noted that it had over 100,000 across 70 countries.)

His explanation for moving away from disclosing property numbers is not to do with the inevitable disruption that Covid-19 brought to the industry (and Guesty’s users in particular), but because Guesty itself has changed as a business, expanding both the kinds of properties that are managed, and the uses of those properties.

“Since our inventory has grown to include more than just short-term rental listings and include more flexible accommodations, such as co-living spaces, aparthotels, glamping and more, the key metrics that demonstrate our growth are our revenue and profitability,” Soto said, adding that Guesty has seen 100% growth year on year and expect this to continue. The startup’s team now numbers 585 employees, which has also doubled in size in the last year.

“We expect these numbers to continue growing even faster,” he noted.

To that end, Guesty is also rapidly expanding in terms of what kinds of tools it’s offering to its users, and thus how the platform generates revenues. There are a lot of travel startups out in the wild, including a huge swathe of those dedicated to property management technology and services, and Guesty has been positioning itself as something of a consolidator. The company’s acquisitions have included MyVR (like Guesty, an alum of Y Combinator) and Your Porter respectively to tap into deeper multimedia tools for its users, and to provide more tools for hosts that work across properties owned by third parties.

The plan is to use some of this funding to continue picking up more businesses that complement Guesty’s strategy, and to continue taking it beyond simply providing tools to manage properties, but to provide other services, and for its users, to give them an end-to-end, one-stop platform to manage their own work as a business. Features today number about 18, including not just calendar management and ways to manage across multiple booking portals, but also channels to manage guest-host communications, analytics and accounting tools, payment tools and more.

“Hospitality operators are now expected to provide more amenities, real-time responses, have more availability for ongoing customer communications and provide an overall elevated guest experience,” Soto said. “The trend of merging of accommodation types will continue, and the ever-growing consumer expectations will push property and hospitality managers to provide increasingly flexible levels of service and accommodations. Guesty’s platform is tailored to meet this need. For example, our technology enables hospitality providers to enhance guest communications by incorporating automation, making guest interactions faster, more intuitive, and providing smartphone tools and options which are most guests’ preferred method of communication.”

One area of investment will also be building more automation into the the product, he said, which likely is aimed at working with customers that manage larger amounts of properties and may have more repeatable, repetitive tasks.

“We are working hard to increase the levels of automation within our product as well as enhance AI-based communication tools,” Soto continued. “Guesty’s product provides tools for different types of properties, including multi-unit buildings and multi-location properties, but as our customers evolve, they come with additional needs for different types of guests. With that, we will be enhancing our product to provide hospitality providers with the tools they need to address everything from monthly stays and living-as-a-service, tailored for various types of accommodations – from glamping to more traditional hotel-like properties. To accomplish this, the product must be extremely flexible and accommodate hybrid solutions.”

Lastly, a third area where it’s likely to be investing more efforts is in the financial services it provides to its users. “To boost the value we offer, we will be looking to add to and enhance our fintech offerings, allowing our customers to bill more efficiently, create credit lines and take loans to grow their business, manage risk, and offer more advanced analytics for customers to make informed decisions about growing their business and managing additional aspects of their operations,” he added. Acquisitions that it might make to grow all of that inorganically will be made both across product lines and geographies, said Soto. It will also be by way of integrations. Today these number about 130 with other third-party tools.

The company appears still to have a lot of runway left as a standalone business. While Soto would not comment on whether it’s been approached as an acquisition target — either by other companies that build tools to manage businesses or customer service, or by some of those other online travel booking giants — he was unequivocal in saying that Guesty was not looking to get acquired, but to play the consolidator itself.

“Guesty is not looking for an exit,” he said. “We are strong believers that the industry is fragmented and ripe for consolidation and have already made multiple acquisitions both in-market and vertical expansion to enhance our offering and position. We are proud to have the highest level of business and technology partnerships with all the large travel platforms including Airbnb,, Vrbo, Expedia and more, and are able to provide value to the entire ecosystem, which benefits everyone.”

That said, the tethering that it has to certain platforms — Soto notes that Airbnb “is still very popular” among its customers and in terms of activity, although “ may be more popular in Europe and have actually grown in the short-term rental (STR) sector [with’s expansion into STR] now accounting for around 30% of their business. VRBO (from the Expedia Group) also remains a very popular option in certain areas in the US, especially for family-oriented properties in more rural vacation areas — does seem to imply a natural pool of companies that might be interested in it longer term, as they too look for more ways of diversifying their own revenues and expanding their reach.

Other more direct competitors today include the likes of TravelNest, Hostaway and Lodgify, among many others.

That competitive landscape doesn’t deter investors, though.

“In a largely specialized and localized industry, there is a huge opportunity to bring a global standard of service and excellence to hospitality operators of all shapes and sizes,” added Dan Bitar, MD and co-head of MSD Growth. “Guesty’s robust product offerings, strong R&D team, and proven ability to scale the business across geographies make it the ideal platform to consolidate the currently fragmented market.”

“The tech-enabled real estate ecosystem continues to grow and mature, and we look forward to joining Guesty on its journey to democratize and further professionalize the property management space,” said Michael McGinn, partner and co-head of Sixth Street Growth, in a statement. “With Guesty’s strong management team, long-term vision, product innovation, and marquee customers and partners, we have full confidence in the company’s ability to further cement its leadership in the world of hospitality and property management.”

With $40M in new funding, Frontegg looks to expand its B2B user management service

Frontegg, the popular user management service for developers who build B2B SaaS apps, today announced that it has raised a $40 million Series B round led by Stripes and Insight Partners. This new round, which follows the company’s $25 million Series A announcement last December, brings Frontegg’s total funding to $70 million. Other investors include Pitango First, Global Founders Capital and i3 Equity. The company plans to use the new funding to expand its product offerings, invest in its infrastructure and scale its R&D and go-to-market teams in both Tel Aviv and the San Francisco Bay Area.

The idea behind Frontegg is to simplify customer management for SaaS providers. Instead of having to re-invent the wheel — and then slowly add enterprise features like single sign-on over time — Frontegg offers an easy-to-use platform for building the entire flow from sign-up to logging in with multi-factor support and magic links, all the way to then managing those users throughout the product lifecycle, including subscription enforcement through its integration with payment gateways.

Image Credits: Frontegg

Frontegg co-founder and CEO Sagi Rodin told me that the company wasn’t looking to raise just yet, but decided to go for this round, which closed about two months ago, in order to capitalize on the market opportunity. Rodin noted that he wasn’t all that concerned about a potential downturn in the market. Instead, he argued that Frontegg’s product may actually be what companies will look for when the economy slows down.

“At least in our space, especially during downtimes, companies return to the basics and look for products that accelerate their time to value,” he said. “I think Frontegg is exactly in that space. With Frontegg, customers can go to market much faster — they can offer a product that is much more mature and gives them the freedom to even explore different go-to-markets and provide experiences to their users that are usually provided by companies at a much later stage.”

Frontegg team

Frontegg team

Also, at this point, SaaS users almost expect a full self-managed user experience plus integrations with their security policies and other advanced features. Those are now table stakes but also hard to build from the ground up. “That’s the new standard and you don’t have a lot of slack to not provide this level of experience,” Rodin said.

On the product side, Frontegg launched a new self-service portal for building sign-up and authentication experiences, which it is now expanding with additional capabilities. The company also heavily focused on adding its own enterprise capabilities like multi-tenancy and more over the last few months.

The company current serves more than 150 B2B SaaS customers including the likes of Datadog, Materialize, Hunters.AI and

“What blew us away about Frontegg was how much their customers love the product,” said Saagar Kulkarni, partner at Stripes. “Building and maintaining world-class user management has become an increasingly heavy burden on development teams. In turbulent economic times like these it’s more important than ever for B2B SaaS companies to go to market fast — but with a mature product that is in line with today’s user’s expectations from business tools. Frontegg provides an exceptional user management experience out-of-the-box so that SaaS companies can quickly ship winning products.”

Frontegg team

Frontegg team

Google Cloud announces its first region in Mexico

Google Cloud today announced plans for its first cloud region in Mexico, its third in Latin America after Santiago, Chile and São Paulo, Brazil.

The new region, which will be Google’s 35th, will allow it to better serve its local users with lower-latency access to its cloud services, but — and these days, this may be even more important — offer these users data residency and compliance options.

“The cloud region in Mexico will unlock new possibilities for the use of cloud technologies by public sector organizations in the country,” said Juan Carlos Sarmiento Tovilla, the director general of Information Systems at Mexico’s Federal Court of Administrative Justice. “Different public entities would benefit from interoperating in an efficient and secure way, facilitating access to computing power and information technologies.”

In this context, it’s worth noting that Microsoft Azure also announced plans to open a region in Mexico (though that was in 2020 and it’s not open yet) and AWS also announced plans for a region in the country last year, as well as a local zone in Queretaro.

In addition to the new region in Mexico, Google also plans to open new regions in Doha (Qatar), Turin (Italy), Berlin (Germany), Dammam (Kingdom of Saudi Arabia) and Tel Aviv (Israel) in the near future.

Spyware maker Candiru linked to Chrome zero-day targeting journalists

Security researchers have linked the discovery of an actively exploited but since-fixed zero-day vulnerability in Google Chrome to an Israeli spyware maker targeting journalists in the Middle East.

Cybersecurity company Avast has linked the exploitation to Candiru, a Tel Aviv-based hacking-for-hire company also known as Saito Tech, which provides its powerful spyware to government clients. Candiru, much like Israel’s NSO Group, claims its software is designed to be used by government and law enforcement agencies to thwart potential terrorism and crime, but researchers have found that authoritarian regimes have used the spyware to target journalists, political dissidents, and critics of repressive regimes. Candiru was sanctioned by the U.S. Commerce Department for engaging in activities contrary to U.S. national security.”

Avast said it observed Candiru in March using the Chrome zero-day exploit for targeting individuals in Turkey, Yemen, and Palestine — as well as journalists in Lebanon, where Candiru compromised a website used by employees of a news agency.

“We can’t say for sure what the attackers might have been after, however often the reason why attackers go after journalists is to spy on them and the stories they’re working on directly, or to get to their sources and gather compromising information and sensitive data they shared with the press,” said Jan Vojtěšek, malware researcher at Avast. “An attack like this could pose a threat to press freedom,” said Vojtěšek.

The Chrome zero-day exploit planted on the Lebanese news agency’s website was designed to collect about 50 data points from a victim’s browser, including its language, timezone, screen information, device type, browser plugins, and device memory, likely to ensure that only the devices of those who are specifically targeted were ultimately compromised. When a target is found, the Chrome zero-day creates a foothold on the victim’s machine in order to deliver the spyware payload, which researchers have dubbed DevilsTongue.

DevilsTongue, like other government-grade spyware, can steal the contents of a victim’s phone, including messages, photos, call logs, and track a victim’s location in real-time.

Avast disclosed the vulnerability, tracked as CVE-2022-2294, to Google on July 1, with a fix landing days later on July 4 with the release of Chrome 103. Google said at the time it was “aware that an exploit for CVE-2022-2294 exists in the wild.”

Candiru was first exposed by Microsoft and Citizen Lab in July last year. Their findings showed that the spyware maker had targeted at least 100 activists, journalists and dissidents across 10 countries. According to Avast, Candiru likely laid low until this latest round of attacks following last year’s release of Citizen Lab’s report to update its malware and evade detection efforts.

Unity is merging with Ironsource in an all-stock deal valuing Ironsource at $4.4B in a big consolidation play for gaming

Update: the companies have confirmed the news here. IronSource is being valued at $4.4 billion in the all-stock deal. Part of the transaction will also involve Silver Lake and Sequoia, the two largest Unity shareholders, to invest $1 billion in Unity in the form of convertible notes after the transaction closes.

The companies expect the detail to close in Q4, and “is expected to generate a run rate of $1 billion in Adjusted EBITDA by the end of 2024,” Unity said.

“We believe the world is a better place with more successful creators in it. The combination of Unity and ironSource better supports creators of all sizes by giving them all the tools they need to create and grow successful apps in gaming and other consumer-facing verticals like e-commerce,” said John Riccitiello, CEO of Unity, in a statement. “This is a step further toward realizing our vision of a fully integrated platform that helps creators in every step of their RT3D journey. We look forward to welcoming Tomer Bar-Zeev, the CEO of ironSource, and the rest of ironSource’s talented team into the Unity family.”

Original story from earlier: The downturn in tech valuations is leading to some significant M&A activity, and the latest development on that front looks like it is coming from the world of gaming and perhaps more specifically, interactive developer ops. Unity, the massive games and other interactive content development platform, is planning to merge with Ironsource, an app monetization platform that provides tools for ads, cross-channel marketing, distribution and more.

The news is not yet official, but a source tells us that it will be announced formally as early as later today. A spokesperson for Ironsource did not deny the deal when I contacted the company to ask for comment; she only said that she would be sending me a comment when she could later. We’re continuing to ask questions and will update this story as we hear more.

The move would bring together two powerhouses in their respective fields — interactive development and app monetization. However, both companies have something else in common: they are publicly traded and have seen their stocks decline in recent months, in line with the larger downturn in the technology sector. That’s leading to pressure from shareholders, on top of the companies’ wider strategies to continue growing and diversifying themselves as businesses in what is shaping up to be a challenging climate.

In Ironsource’s last quarterly earnings, reported in May, the company noted a healthy revenue jump of 58% to $190 million, but its guidance for the next quarter and full-year were less robust: it adjusted down its expected FY figures to a range of $750 million to $780 million, versus previous guidance of $790 million to $820 million. The company operates in the black, with a net income of $13.8 million in the previous quarter. The company was one of the wave of businesses that went public via SPAC durng Covid-19 pandemic. (In its case it went public in 2021, when it was valued at over $11 billion.)

Meanwhile, Unity’s quarterly earnings, announced in the same month, reported revenue of $320.1 million for the quarter, up 35% on the year. Yet it also adjusted down its guidance for the next quarter and the full year, citing “challenges with monetization products that we expect to impact 2022.” (Cue buying more assets to help with, yes, monetization…) It said it expects to make between $290 million and $295 million next quarter, and between $1.350 billion and $1.425 billion for the year.

And importantly, despite its size and market traction, Unity is operating in the red: it posted a net loss last quarter of $177.6 million compared to $107.6 million in the quarter a year ago.

The deal has been described to me by a source as a merger, but one company is definitely bigger than the other. Ironsource’s market cap at the time of writing is $2.3 billion, but that figure has dropped drastically in the last six months. Unity is currently valued at $11.8 billion, although it has similarly been weathering a pretty rough financial storm: its stock has lost nearly two-thirds of its value in the last six months.

Pursuing M&A as a route to product and user growth has long been a strategy for larger tech companies, but the last several months have seen a number of M&A deals surface among smaller players, too, as funding sources become a less less free flowing, performance targets are tightened, and valuations drop.

Both of these companies are no stranger to that trend. Ironsource’s last acquisition was picking up Tapjoy in January for $400 million. Unity in the same month acquired Ziva Dynamics to expand the tools that it offers to games and other interactive developers, for an undisclosed sum.

… And as we got ready to hit publish on this story, it looks like the Israeli press — Ironsource is traded in the US but was founded out of Tel Aviv — is also starting to report the news.

More to come.

Helios wants to tame the microservices development chaos

Helios, a Tel Aviv–based startup that wants to make it easier for developers to understand, troubleshoot and test their distributed systems during the development phase, today announced its general availability and that it has raised a $5 million seed round co-led by Entrée Capital and Amiti VC. A number of angel investors, including Benny Schnaider, Guy Podjarny (co-founder of Snyk), Adi Sharabani and Yair Amit (co-founders of Skycure) and Guy Fighel (GM at New Relic), also participated in this round.

“We want to help you, as the developer — even before production — to accelerate your development process, your troubleshooting process, your testing process, because today, what we know is that developers really struggle. When you make a change in one place of your system, you don’t necessarily know how it affects the rest of your system,” Helios CEO Eli Cohen, who co-founded the company with CTO Ran Nozik, told me.

Since it’s hard for developers to understand how their code interacts with the rest of the system, the development process often slows down. Meanwhile, even a small bug in one microservice or API can quickly take down a large distributed app.

The idea behind Helios is to help developers understand exactly how their code interacts with the rest of the applications. Using Open Telemetry, a collection of open source observability tools, Helios pulls in distributed tracing data from the application and puts it into context for the developer. That means they can replay exactly how their code interacts with the large applications to more easily find and reproduce issues, for example.

Image Credits: Helios

“Growing tech companies often grapple with scaling their cloud-native architecture,” said Eran Bielski, general partner at Entrée Capital, in an email. “Companies want to focus on building a successful business, but often the day-to-day work of developers is full of friction that slows down progress. Helios’ focus on both developer velocity and productivity is exactly what the market needs, and I have little doubt that every software development company in the world will soon be using such a tool.”

The company’s Open Telemetry SDK currently supports Go, Java, .NET, Node.js, Python and Ruby, and the service can integrate with tools like Postman, build systems like, error monitoring solutions like Airbrake and Sentry, as well as data warehouses like Databricks and a number of popular observability platforms and testing frameworks. That should cover quite a lot of use cases, but with the new funding, the company plans to expand the number of integrations over time.

The service, which offers a basic free plan and paid plans starting at $99/month, is now generally available. If you want to see what it looks like before jumping all in, though, the company also offers an easy way to test drive it in a pre-populated sandbox environment, something far more companies should do.