TCP #101: Salesloft Breach; Cato Acquires Aim; Earnings; and Product News
What's hot in security🌶️ | August 27th - Sept. 3rd, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news.
Howdy! 👋🏼 I hope your September is off to a great start! We have a lot of ground to cover today so two things before we jump in:
I’ll be at Splunk .conf in Boston next week. If you plan on being there, let’s grab a coffee or a lift! ☕
I wrote a recap of Monad’s massive month here. 21 new integrations (🔥). New metrics dashboard and much more!
Now, let’s dive into this week’s news!
TL;DR 📰
🚨 Salesloft breach impacts hundreds of companies with stolen OAuth tokens for Salesforce, Slack, Google Workspace, Azure, and OpenAI services
📦 Supply chain attack via malicious Nx packages exposed 5.5K+ private repos from 400+ organizations using AI tools for automated recon
🦅 CrowdStrike Q2FY26 earnings hit $1.17B revenue (up 21% YoY) and announces $290M Onum acquisition for security data pipeline capabilities
📈 Zscaler surpasses $3B ARR milestone with $719.2M quarterly revenue (up 21% YoY) and completes Red Canary acquisition
🎯 Cato Networks acquires Aim Security for an est. $350-400M marking the 3rd major AI security acquisition of the year
🔨 AegisAI comes out of stealth. AI-native email security. Founded by former Googlers.
📧 Varonis acquires SlashNext for $150M adding email, Slack, Zoom, WhatsApp++ security capabilities
🔑 Microsoft enforces MFA for all Azure resource management starting October 2025 as part of Secure Future Initiative
🔍 Horizon3.ai adds EDR validation capabilities for testing endpoint security effectiveness
Let’s cyber 🕺🏽
⚒️ Picks of the Week ⚒️
The Ongoing Fallout from a Breach at AI Chatbot Maker, Salesloft
"The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI." - KrebsOnSecurity
"What's most noteworthy about the UNC6395 attacks is both the scale and the discipline… This wasn't a one-off compromise; hundreds of Salesforce tenants of specific organizations of interest were targeted using stolen OAuth tokens, and the attacker methodically queried and exported data across many environments." - Cory Michal, CSO of AppOmni
Among those impacted are Cloudflare, Zscaler, and Palo Alto Networks. I’d say this will end up being the biggest SaaS/AI attack of the year given the scope. This reminds me of the open letter JP Morgan Chase CISO, Patrick Opet, wrote earlier this year about the SaaS delivery model being an enabler for attackers.
Here are Cloudflare’s findings from their investigation into the breach.
Story is still developing.
s1ngularity: supply chain attack leaks secrets on GitHub
The Wiz research team recently discovered a gnarly attack where multiple malicious versions of the Nx build system package were published to the npm registry. The packages included scripts that harvested sensitive dev creds such as SSH keys and API tokens. The packages also, interestingly enough, leveraged AI CLI tools like Claude and Gemini to help automate recon efforts. The attackers exfiltrated the creds by creating public repos within the victims' GitHub accounts.
It seems that GitHub squashed this within 24-48 hours, but even within that time frame 400+ organizations were impacted, with over 5.5K private repos being published publicly.
Correction: Kudos to Adnan Khan and the Step Security team for discovering and reporting on this!
CrowdStrike Q2 FY2026 earnings and plans to Acquire Onum
CrowdStrike reported earnings last week. Key highlights:
Quarterly revenue $1.17B (Up 21% YoY)
$4.66B ARR (Up 20% YoY) - $221M net new ARR in Q2
Cash and Cash Equivalents = $4.97B. They're sitting on a lot of cash.
Will be interesting to see how they deploy this cash. I think they could use email security capabilities given how significant of a threat vector it is.
NG-SIEM biz at $430M ARR (Up 95% YoY)
CrowdStrike also announced their intent to acquire Onum, which is a security data pipeline startup, for $290M. It's a smart move by CrowdStrike because:
SIEM Migration: In order to grow their SIEM biz, they need to migrate customers from their existing SIEM(s). This is a non-trivial, painful task that takes months to years depending on multiple factors. It becomes 10x easier with existing integrations and scalable pipelines which Onum has.
Log ingestion: To do anything in a SIEM you need data. Getting data into a SIEM is often a non-trivial, painful task. The more data stored in a SIEM typically means more money for the vendor. Onum unlocks new data sources for existing CrowdStrike customers which makes their lives easier + increases bottom line revenue for CrowdStrike.
Better AI/ML: AI/ML relies heavily on data. High-quality data. Lots of it. CrowdStrike has done AI/ML for a long time and will continue to do so. This acquisition helps with that.
Fantastic acquisition and execution by CrowdStrike leadership and kudos to the Onum team!
Quarterly earnings report presentation here.
Zscaler Exceeds Q4 Expectations with $3B ARR Milestone, Stock Rises
Zscaler also recently reported strong quarterly results. Key highlights below:
Quarterly revenue of $719.2M (Up 21% YoY)
Surpassed the $3B ARR milestone (Up 22% YoY)
Completed acquisition of Red Canary
They're investing heavily into AI security
Cash and Cash Equivalents = $3.5B+
Quarterly earnings report presentation here.
Microsoft to enforce MFA for Azure resource management in October
Microsoft announced it will enforce MFA for all Azure resource management actions beginning October 1, 2025, covering Azure CLI, PowerShell, SDKs, and REST API operations as part of its Secure Future Initiative. If you're an Azure customer, you should have received an email with more details.
🔮 The Future of Security 🔮
AI Security
Cato Networks to Acquire Aim Security
This marks the 3rd major AI security acquisition of the year. Aim raised $28M of total funding through Series A. Deal is rumored to be between $350M - $400M. More consolidation is expected in the space.
Toolhive - Run MCP Servers in a Hardened Container
Stacklok recently open-sourced Toolhive which enables users to deploy MCP servers from a hardened container. We need more of this. Kudos to the Stacklok team!
Email Security
A new email security startup founded by former Googlers has come out of stealth. AegisAI aims to build AI-native email security that doesn't rely on detection rules. Interesting and novel approach. No details yet on funding.
Varonis Acquires Email Security Firm SlashNext
Varonis to acquire SlashNext, an email security provider, for $150M. The solution also provides coverage for Slack, Zoom, WhatsApp and other key communication channels. As a leading data security platform, this is a fantastic addition by Varonis. Aside from the tech, they also add SlashNext founder, Atif Mushtaq, who helped build FireEye's malware sandboxing tech.
Endpoint Security
Horizon3.ai Expands NodeZero with Endpoint Security Effectiveness Check
Horizon3 now has capabilities to help teams validate the effectiveness of their EDR tools. We need more of this. Too many companies rely on their vendors to keep them secure when in reality, the solutions either haven't been properly deployed or it's just not a good tool and misses even basic attacks. Continuous security validation is crucial.
Bye for now 👋🏽
That’s all for this week… See you next week!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.
Great newsletter as always.
One clarification on the Nx compromise: it was discovered and reported by community members, and I believe Adnan Khan and Step Security were the first in the security community to be reporting on it.
Thanks for providing such a consistently news round up!