Cybersecurity Acquisitions in 2025

Complete, a Charlotte-based MSP backed by private investment firm Heritage Holding, has acquired Columbia Advisory Group (CAG), a Dallas-based cybersecurity and GRC consulting firm. The add-on expands Complete's managed IT and cybersecurity capabilities and brings CAG's expertise serving higher education, state and local government, and mid-market enterprise clients into Complete's platform.

BTQ Technologies announced a strategic investment in Keypair, a Korean full‑stack security company, to co‑own Keypair's post‑quantum cryptography (PQC) intellectual property and jointly develop hardware‑rooted, infrastructure‑grade security solutions. The partnership expands BTQ's footprint in South Korea and leverages Keypair's deployments across defense, energy and financial services to accelerate commercial integration of BTQ's quantum‑safe security roadmap.

NuView, a newly formed managed IT and cybersecurity platform backed by RFE Investment Partners (majority) and Mansfield Investment Partners, has acquired Austin-based managed security provider Beyond Secure. The investment will support NuView’s organic growth and strategic add-on acquisitions to expand its managed IT, cybersecurity, compliance, and advisory capabilities for regulated industries.

Cyderes, a global managed cybersecurity services provider, has acquired Lucidum, a security data fabric and entity intelligence platform. The acquisition brings identity-aware data fabric capabilities into Cyderes’ portfolio to strengthen IAM, exposure management, and MDR offerings and accelerate AI-driven remediation and SaaS offerings.

Veeam Software completed its $1.725 billion acquisition of Securiti AI to create a unified Data Platform that combines Veeam's data resilience capabilities with Securiti AI's DSPM, privacy, governance and AI trust functionality. The deal brings roughly 600 Securiti AI employees into Veeam and names Securiti AI founder Rehan Jalil as Veeam's President of Security and AI to accelerate safe AI adoption at scale.

RKON Technologies has acquired cloud security and consulting firm ScaleSec, integrating ScaleSec’s cloud security, compliance, and managed services capabilities into RKON’s offerings. The seller was Vixul (ScaleSec’s accelerator/portfolio backer), and the transaction strengthens RKON’s multicloud security and managed services capabilities; financial terms were not disclosed.

MetaCompliance has acquired Junglemap, a Nordic security and compliance awareness provider, in a transaction supported by Keensight Capital. The deal brings Junglemap’s NanoLearning methodology and AI content capabilities into MetaCompliance’s human risk management platform and strengthens the company’s Nordic and broader European footprint.

Red River has acquired Invictus, a national security services provider specializing in cyber, intelligence and enterprise modernization, to strengthen its Government Technology Systems capabilities. Invictus will operate as "Invictus, a Red River Company," bringing talent and mission-focused capabilities that expand Red River's AI-enabled cybersecurity and national security modernization offerings to Department of Defense, Intelligence Community and federal civilian customers.

Checkmarx has acquired Tromzo, an AI-native startup that builds autonomous triage and remediation agents for application security, and will integrate Tromzo's reasoning engine and engineering team into the Checkmarx One platform. The acquisition brings Tromzo's founders and AI engineers into Checkmarx to power new Checkmarx Assist agents and accelerate enterprise-grade autonomous AppSec capabilities starting in early 2026.

Woven Solutions, a Reston, Virginia-based provider of AI-enabled mission software, has acquired Cystemic Security to expand its cyber forensics and managed attribution capabilities. The deal — Woven's first acquisition after a strategic investment from Falfurrias Management Partners — strengthens its ability to deliver end-to-end cyber tooling and managed attribution solutions for U.S. national security and intelligence customers.

LevelBlue has completed its acquisition of Cybereason, integrating Cybereason’s XDR platform, threat intelligence, and DFIR capabilities into LevelBlue’s managed security services. As part of the transaction, SoftBank Corp., SoftBank Vision Fund 2, and Liberty Strategic Capital took equity stakes in LevelBlue and Steven T. Mnuchin joined LevelBlue’s board, supporting the company’s capability and geographic expansion.

McAfee has completed the acquisition of MineOS's consumer privacy division. MineOS will divest its consumer product to focus fully on enterprise privacy, risk management, and AI governance, reinvesting proceeds to accelerate its enterprise platform development.

Allurity, a Stockholm-based European cybersecurity group supported by investor Trill Impact, has acquired MSF Partners (Monti Stampa Furrer & Partners), an OT/ICS security specialist headquartered in Zurich, Switzerland. The deal expands Allurity’s operational technology and critical-infrastructure security capabilities, strengthening its offering across energy, manufacturing, mining and other high-risk sectors.

Amplix, a Gemspring Capital portfolio company, has acquired 24By7Security, a Coral Springs-based cybersecurity consulting and compliance firm. The add-on expands Amplix’s cybersecurity capabilities—adding services such as program development, risk assessments, vCISO advisory, incident response planning, security testing, and managed security operations—to better support clients across regulated and non-regulated industries.

TekSynap Corporation has completed the acquisition of JBA, Inc., a veteran-owned technology engineering firm that provides cyber operations and specialized IT services supporting the Federal Bureau of Investigation. The deal expands TekSynap’s mission portfolio and footprint across FBI programs and federal mission locations, adding capabilities in cyber operations, systems engineering, network engineering, cloud and software development.

Gentex Corporation has acquired Toronto-based biometric authentication provider BioConnect and will integrate its enterprise-grade software into a newly formed Security & Access Control commercial division. The acquisition (terms not disclosed) expands Gentex's biometrics and identity-assurance capabilities and will be combined with its existing hardware assets such as EyeLock to pursue high-security enterprise and critical-infrastructure customers.

Huntress has acquired London-based Inside Agent, a specialist in Microsoft 365 and identity security, to accelerate development of a new Identity Security Posture Management (ISPM) offering planned for 2026. The acquisition brings Inside Agent's automated Microsoft 365 assessment capabilities into Huntress's managed security platform to strengthen proactive identity protection.

SAFE, a leader in cyber risk quantification, has acquired Balbix to create an integrated, AI-native platform that unifies exposure management and risk quantification. The deal combines Balbix's continuous threat exposure management capabilities with SAFE's cyber risk quantification to deliver a single, agentic-AI-driven solution for enterprise cyber risk management.

Coalition has acquired Wirespeed to integrate the startup’s fully automated Managed Detection and Response (MDR) capabilities into Coalition’s Active Insurance platform, improving speed and quality of threat detection and response. Wirespeed co-founders Tim MalcomVetter and Jake Reynolds will join Coalition leadership to lead security and engineering integration efforts.

Hexaware Technologies has acquired CyberSolve, a specialist identity and access management (IAM) provider, to expand its AI-led identity security and managed cybersecurity capabilities. The deal combines CyberSolve’s IAM expertise and specialist teams with Hexaware’s global consulting, engineering scale, and 24x7 security operations to accelerate identity modernization, faster onboarding, smoother migrations and continuous compliance for enterprise clients.

Pentera has acquired EVA Information Security to expand its AI red teaming and adversarial testing capabilities. The deal combines Pentera's automated security validation platform with EVA's research-led penetration testing and red teaming services to help enterprises validate and secure AI-integrated applications and infrastructure.

MorganFranklin Cyber, a PE-backed cybersecurity advisory and managed services firm, has acquired Lynx Technology Partners to expand its cybersecurity, risk management, and business development capabilities. As part of the deal, Lynx founder Aric K. Perminter joins MorganFranklin Cyber as Managing Director, Client Relations to support integration and client growth.

Axiom GRC has acquired IS Partners, a U.S. cyber assurance and compliance services provider, to accelerate its North American expansion and broaden its cyber assurance and compliance offerings. IS Partners—headquartered in the Philadelphia area—serves roughly 600 customers with recurring audits across frameworks such as SOC 1/2, ISO 27001, HITRUST, HIPAA, PCI DSS and CMMC; the deal is Axiom's first U.S.-headquartered acquisition and its fifth since partnering with Inflexion.

London-based cybersecurity services provider Saepio has acquired Milton Keynes-based offensive security specialist Ruptura, internalising Ruptura’s penetration-testing, red-teaming, and resilience assessment capabilities. The deal (terms undisclosed) brings Ruptura’s CREST/CHECK accreditations and Cyber Essentials services into Saepio, adds roughly 15 staff, and will see founder Tom Heenan join Saepio as Director of Offensive Security to expand Saepio’s offensive-security and compliance offerings.

Bugcrowd has acquired Mayhem Security, an AI offensive security pioneer founded by Carnegie Mellon researchers, to integrate Mayhem's autonomous testing and reinforcement-learning capabilities into Bugcrowd's crowdsourced security platform. The acquisition (terms not disclosed) will combine Bugcrowd's hacker community with Mayhem's AI-driven offensive testing to deliver continuous, human-in-the-loop security across development and production; Dr. David Brumley will join Bugcrowd as Chief AI and Science Officer.

Zscaler, Inc. has acquired AI security pioneer SPLX to extend the Zscaler Zero Trust Exchange with AI asset discovery, automated red teaming, runtime guardrails, and governance across the AI lifecycle. The deal integrates SPLX's technology for discovery, risk assessment and remediation into Zscaler's cloud security platform to help enterprises secure models, agent workflows, and RAG pipelines from development through deployment.

Cadence Design Systems has completed its acquisition of Secure-IC, a provider of embedded security IP, security evaluation tools and related services. The deal enhances Cadence’s embedded cybersecurity capabilities and positions the company to better address security and regulatory requirements across end markets such as automotive, aerospace, data center and IoT.

San Francisco-based private equity firm Ponte Partners has acquired a portfolio of three technology companies — Fandom, Exabeam and ExteNet — from an unnamed private equity investor seeking liquidity. The acquisition expands Ponte Partners' technology portfolio across media, cybersecurity, and digital infrastructure and coincides with the appointment of Howard Lee as Managing Partner to support the firm's secondary-investment strategy.

JumpCloud has acquired Breez, an Identity Threat Detection, Investigation and Response (ITDR) platform, to bolster its identity security and accelerate its product roadmap. The acquisition brings Breez's specialized ITDR technology and team into JumpCloud's unified identity, device, and access management platform; transaction terms were not disclosed.

DoiT, the provider of DoiT Cloud Intelligence, has acquired CloudWize, a multi-cloud security posture and compliance platform. The acquisition extends DoiT’s FinOps and CloudOps capabilities into cloud security, connecting security posture, compliance, and cost impact as part of DoiT’s broader $250 million investment into AI-driven CloudOps and FinOps.

MTX Group Inc., a global technology consulting firm, has acquired VerifyID.ai, an AI-powered digital identity verification platform focused on the public sector. The acquisition expands MTX's AI and cybersecurity capabilities and enables integration of VerifyID.ai's biometric, anti-spoofing, and decentralized identity technology into MTX's government-facing services.

RecordPoint has acquired Redactive, an Australian AI company that provides sensitive data discovery and classification tools, to strengthen RecordPoint's AI capabilities in data security and governance. The deal — terms undisclosed — will help RecordPoint accelerate capability expansion and international growth while integrating Redactive's platform to better serve regulated customers in banking, financial services and government.

Noventiq, a London-headquartered provider of digital transformation and cybersecurity solutions, has received a strategic equity investment from U.S.-based private equity firm Niobrara Capital. The investment deepens Noventiq's relationship with existing investor Da Vinci Capital and is intended to accelerate the company’s global growth and expand service offerings in cybersecurity and digital transformation.

Riveron has acquired Eden Data, an Austin-based cybersecurity, GRC, and AI advisory firm with nearly 60 professionals, to expand its Risk Advisory capabilities. The acquisition broadens Riveron's offerings in cybersecurity, compliance, and AI risk management, integrating Eden Data's expertise into Riveron's finance- and CFO-focused advisory platform.

Imprivata has acquired Verosint to integrate Verosint’s AI-powered Identity Threat Detection and Response (ITDR) capabilities into Imprivata’s enterprise access management platform. The deal is intended to strengthen Imprivata’s advanced and passwordless access strategy by adding continuous risk signaling, real-time detection, and automated response to identity-based threats at enterprise scale.

EarlyHealth Group has acquired a 50% equity stake in CYB3R Limited, a Dubai-headquartered cybersecurity firm, in a strategic move to embed cybersecurity capabilities into its global life sciences platform. The investment will enable CYB3R to scale internationally and deliver turnkey cybersecurity solutions to healthcare, government and regulated clients while keeping existing leadership in place.

Nomios, a Keensight Capital‑backed cybersecurity integrator, has acquired Intragen, a leading European Identity and Access Management (IAM) services provider, from private equity owner FPE Capital. The deal expands Nomios's IAM capabilities and European footprint while delivering an exit for FPE's Fund II after significant growth and multiple bolt-on acquisitions at Intragen.

C2A Security has acquired Pittsburgh-based Vigilant Ops, a specialist in SBOM automation and product security for MedTech and healthcare customers. The acquisition integrates Vigilant Ops’ SBOM and compliance capabilities into C2A’s AI-driven product security orchestration platform to accelerate MedTech, defense, and telecom market expansion and strengthen regulatory and supply-chain security offerings.

Pentera has acquired DevOcean, an AI-driven remediation management platform, to integrate automated remediation workflows into its security validation offering. The deal expands Pentera's platform capabilities—connecting adversarial testing and validated risk to automated remediation—helping customers accelerate time-to-fix and meet compliance-driven SLAs.

NoFraud has acquired Yofi AI to expand its ecommerce protection capabilities beyond payment fraud into returns and policy abuse detection. Yofi AI — backed by Nyca Partners, Point72 Ventures, and eBay Ventures — will be integrated into NoFraud’s platform ahead of the holiday season to provide unified, real-time protection for merchants.

Kaseya, the Miami-based provider of AI-powered IT management and cybersecurity software, has acquired INKY, an AI-driven email security provider focused on MSPs and SMBs. The acquisition brings INKY's generative-AI email protection into Kaseya's platform (including Kaseya 365 User) to strengthen email security capabilities and threat detection across Kaseya's MSP customer base.

Epiq has acquired First Watch Data Breach Solutions, LLC from First Watch Technologies to expand its cyber incident response and notification capabilities. The acquisition brings roughly 100 First Watch Data Breach Solutions employees into Epiq and broadens Epiq’s breach response, credit monitoring, call center, and notification services across North America, UK/EMEA, Australia and APAC.

Vectra AI has acquired Netography, a cloud-native network observability vendor, to integrate Netography Fusion into the Vectra AI platform (rebranded as Vectra Fusion) and strengthen visibility across hybrid and multi-cloud environments. The deal combines Netography's agentless, software-defined observability with Vectra AI's AI-driven attack signal clarity to expand the platform's cloud-network security capabilities.

Swiss investor INVISION and German private equity firm PINOVA have acquired Utimaco’s Telecom Solutions division (Utimaco TS), a carve-out focused on Lawful Interception Management Systems. The transaction closed on September 30, 2025 and the newly independent company began operating on October 1, 2025, enabling the unit to pursue a dedicated growth strategy under its new owners.

Sunstone Partners, a growth-oriented private equity firm, has acquired majority ownership of Clearwater from Altaris, LLC and other existing shareholders. The investment will support Clearwater’s expansion of managed security, consulting, and software capabilities across the healthcare ecosystem and the defense industrial base (via its Redspin division).

Fortified Health Security, a healthcare-focused managed security service provider (MSSP) based in Brentwood, Tennessee, has acquired Latitude Information Security, a healthcare-focused cybersecurity advisory firm known for HITRUST CSF, risk assessments and third‑party risk management. The acquisition brings Latitude under the Fortified brand, expands Fortified’s advisory and HITRUST capabilities, and adds a Philadelphia presence; Latitude’s CEO Mark Ferrari will lead a new Risk and Governance Services division within Fortified.

Cybersecurity firm 360 Advanced has acquired Security Compliance Associates (SCA) to expand its cybersecurity and compliance advisory, audit, and certification capabilities. The deal strengthens 360 Advanced's service offering across regulatory frameworks and marks another strategic add-on to the company's recent acquisition activity.

Cyberbit has acquired RangeForce, combining two leading cyber range and training platforms to create an AI-powered operational cyber readiness offering for enterprises and governments. The deal is backed by Cyberbit's financial sponsors, Charlesbank Capital Partners and Claridge, and RangeForce will operate as a wholly owned subsidiary of Cyberbit.

Brazilian identity network Unico has acquired OwnID, a U.S.-based startup that provides passkey-first, passwordless authentication and biometric login solutions. The deal strengthens Unico's passwordless authentication capabilities as it expands internationally; Unico processes ~25 million identity transactions per month while OwnID handles over 3.5 million authentications monthly and counts Nestlé, SAP, the NFL and Michael Kors among its clients.

SecurityScorecard has completed the acquisition of HyperComply, integrating HyperComply's AI-driven questionnaire automation and compliance management with SecurityScorecard's continuous security ratings and supply chain visibility. The combined offering aims to automate vendor security questionnaires, provide continuous supplier assurance across supply chains, and accelerate vendor onboarding while supporting global compliance mandates.