Cybersecurity M&A Roundup: 30 Deals Announced in December 2025 - SecurityWeek

Thirty cybersecurity-related merger and acquisition (M&A) deals were announced in December 2025. SecurityWeek has cataloged more than 420 M&A deals in 2025. A detailed report will be published in the coming weeks. Eight acquisitions involving pure-play cybersecurity firms exceeded $1 billion.  Here are some of the most important cybersecurity M&A deals announced in December 2025:     Akamai acquires Fermyon Cloud and security company Akamai has acquired serverless cloud provider Fermyon. Fermyon’s WebAssembly (Wasm) function-as-a-service is being combined with Akamai’s platform to enable enterprises to build edge-native applications with better performance and lower costs. Akamai also plans to deepen the integration between the edge functions platform and its performance and security products. Checkmarx acquires Tromzo Application security firm Checkmarx has acquired Tromzo, a company specializing in AI-native autonomous security agents. Tromzo’s technology and engineering team will enhance the Checkmarx One platform and expand Checkmarx Assist AI agents. Tromzo founders and employees will join Checkmarx’s product and engineering organization. Integrity360 acquires Cresco and Redshift Integrity360, an Ireland-based cybersecurity firm with a presence in Europe and Africa, announced two acquisitions in December. It bought South Africa-based Redshift, which specializes in penetration testing, to strengthen its presence in South Africa and expand its SOC capabilities. It also announced buying Cresco, a cybersecurity services consultancy that serves organizations in Belgium and Luxembourg.  Outpost24 acquires Infinipoint Swedish exposure management and identity security firm Outpost24 announced the acquisition of Infinipoint, a company providing device identity, posture validation, and secure workforce access solutions. The deal marks Outpost24’s entry into the zero trust workforce access market, and enables the company to enhance its identity security capabilities.  Red Hat acquires Chatterbox Labs Red Hat has acquired AI security and safety company Chatterbox Labs. Red Hat said the acquisition enables it to add safety testing and guardrails to its AI. Red Hat’s MLOps capabilities will be combined with Chatterbox’s guardrail capabilities. ServiceNow to acquire Armis and Veza ServiceNow is acquiring Armis, a company specializing in solutions for discovering IT, OT, and IoT assets, in a $7.75 billion cash deal. ServiceNow is also buying identity security firm Veza, reportedly for $1 billion. The goal is to extend the capabilities of its security and risk portfolios. Silent Push acquires HYAS Threat intelligence company Silent Push has acquired HYAS, a Canada-based firm specializing in proactive threat intelligence and protective DNS solutions. The deal enables Silent Push to enhance its capabilities and expand its customer base. HYAS leadership and employees will join Silent Push, and the company will operate under the Silent Push brand. Other cybersecurity M&A deals announced in December 2025: Aretum acquires Veterans Engineering Arteris to acquire Cycuity Bastion merges with Phronesis Security BigBear.ai acquires Ask Sage Broadwing Capital acquires CloudScale365  BTQ acquires PQC IP through Keypair investment Cyderes acquires Lucidum Harbor IT acquires ZAG Technical ID-Pal acquires NorthRow Infinum acquires AMR CyberSecurity itSynergy acquires Comply’s Itegria Business Limerston Capital acquires Aristi MetaCompliance acquires Junglemap Northern Telecom acquires C-STEM oXya acquires Axl & Trax Red River acquires Invictus SPIE acquires Cyqueo Symposit acquires HumanLink Synergy ECP acquires NetServices Woven Solutions acquires Cystemic Security TRM acquires Sheffield Scientific Related: Cybersecurity M&A Roundup: 30 Deals Announced in November 2025 Related: Cybersecurity M&A Roundup: 45 Deals Announced in October 2025 WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact Hacking Attempt Reported at Poland’s Nuclear Research Center Loblaw Data Breach Impacts Customer Information Starbucks Data Breach Impacts Employees Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet Apple Updates Legacy iOS Versions to Patch Coruna Exploits Meta Launches New Protection Tools as It Helps Disrupt Scam Centers Latest News Tech Giants Invest $12.5 Million in Open Source Security UK Companies House Exposed Details of Millions of Firms  Surf AI Raises $57 Million for Agentic Security Operations Platform Robotic Surgery Giant Intuitive Discloses Cyberattack 174 Vulnerabilities Targeted by RondoDox Botnet Google, Meta, Microsoft Among Signatories of Pact to Combat Scams Tracebit Raises $20M for Cloud-Native Deception Technology CISA Flags Year-Old Wing FTP Vulnerability as Exploited Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security And Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move Nudge Security has appointed Patrick Dillon as Chief Revenue Officer. Arctic Wolf has named Will May as its Chief Revenue Officer. Palo Alto Networks has named Danielle Gonzalez as its new Chief People Officer. More People On The Move Expert Insights The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How To Eliminate The Technical Debt Of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Flipboard Reddit Whatsapp Email