TCP #103: npm Whiplash; Sublime ADÉ; Vega $65M Series A; Wiz Incident Response and Product News
What's hot in security 🌶️ | Sept. 11th - Sept. 17th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news. Subscribe to receive weekly updates!
Consistent investigations. Fewer false positives. Faster resolution.
Too many alerts, not enough hands. False positives drain your team while real threats hide in the noise.
Prophet Security’s AI SOC Platform handles alert triage and investigation at machine speed, gathering evidence, drawing conclusions, and showing its work. Your analysts stay focused on the alerts that actually matter.
No black-box automation. No ramp-up time. Just consistent, transparent investigations that free up your team.
Want to sponsor the TCP newsletter? Learn more here.
Howdy! Hope you're all doing well wherever you're reading from! I'm writing this at 5am from somewhere on the North Pacific coast. Having a blast at the Monad company offsite, more to come on that next week! This week's TCP will be short and sweet without much of our typical discourse.
That said, an insane amount of things have taken place over the past week so let's dive in!
TL;DR 📰
🪱 Shai Hulud npm worm hits 450+ packages - self-replicating malware spreading across ecosystem, even hitting CrowdStrike packages
🎯 Sublime launches ADÉ (Autonomous Detection Engineer) - AI-powered email defense that writes explainable detection rules tailored to each org
🦄 Vega Security exits stealth with $65M at $400M valuation - Ex-Unit 8200 team bringing fresh approach to SecOps, already has Fortune 500 customers
💰 AI Security M&A frenzy: ~$740M in acquisitions - Check Point buys Lakera ($300M), CrowdStrike acquires Pangea ($260M), F5 gets CalypsoAI ($180M)
⭐ Texas Cyber Command gets first chief - Retired Navy Admiral TJ White to lead $345M state cyber defense unit
🔐 Remedio raises $65M - endpoint security
🛡️ Terra Security raises $30M - AI penetration testing platform
💾 Ray Security Raises $11M in Seed Funding - Data security
🎯 Silent Push raises $10M for threat intel and predictive security platform
🔑 Fabrix Security Raises $8M to Launch AI-Native Identity Platform
🎓 Hack The Box acquires LetsDefend - expanding blue team training ecosystem
⚒️ Picks of the Week ⚒️
Shai Hulud: self-replicating malware worm in npm impacting 450+ packages
This seems pretty serious given the number of packages impacted, the self-replicating nature of the malware, and the adoption of the impacted packages. It even seems some CrowdStrike npm packages have been impacted.
While I honestly haven't had the time to dig into this as I'm at an offsite, my friend Matt Johansen from VulnU crafted a stellar video to recap the madness:
Socket has also put together a stellar technical analysis of the attack TTPs, mitigation guidance, and a timeline of the attack.
Meet ADÉ: Sublime’s AI-Powered Defense that Autonomously Shuts Down AI-Powered Email Attacks
Email attacks have grown in speed and scale thanks to AI. Security teams that were already inundated by novel threats and user reports are now seeing a level of sophistication, variation, and volume that did not exist prior to the advent of LLMs. In the world of AI attacks, Sublime believes in fighting fire with fire.
That’s why we’re excited to announce ADÉ, the Autonomous Detection Engineer that’s turning the tables on attackers and their AI.
ADÉ breaks from the norms of both traditional (rule-based) and modern (AI-based) email security solutions. It offers transparent and explainable AI, not a black box. It writes clear, AI-powered Detection Rules that analysts can understand and verify, not hidden logic that users have no choice but to trust. And maybe most importantly, it tailors detections to each organization's unique email patterns and behaviors rather than applying one-size-fits-all Rules to all Sublime users at once. And it does it all at the speed and scale of AI.
Learn more about Sublime’s Autonomous Detection Engineer here.
Shadow IT May Hide - But Intruder Seeks
Intruder’s security team ran an experiment: how much Shadow IT could we uncover using only public data? The answer: way too much - from backups with live credentials to admin panels with no authentication.
If those assets never make it into your vulnerability management program, they stay invisible to you, but not to attackers. Intruder helps you discover them first and keep them secure. Read the full research to make sure your Shadow IT doesn’t make headlines.
Podcastin’ with Greg Martin and Ghost Security
I recently sat down with Greg Martin, Co-Founder and CEO at Ghost Security, to chat about my journey from college to red teaming at Ford Motors to detection engineering at Datadog to starting the TCP newsletter to Head of Growth at Monad and everything in between.
We also discussed my affinity for Ghost's marketing approach, which is one of my favorites out of all security companies. Ghost has also built a dope Agentic AppSec platform that you can check out here.
Vega Security emerges from stealth with $65M Series A and $400M valuation
Vega, founded just 18 months ago by ex-Unit 8200 veterans CEO Shay Sandler and team, has raised $65 million across seed and Series A rounds led by Accel with participation from Cyberstarts, Redpoint, and CRV, pushing its valuation to $400 million.
The company is looking to reinvent the traditional SIEM approach, which has proven not to be scalable in today’s world. It has already landed Fortune 500 companies and major healthcare providers as customers despite being in stealth.
Kudos to the Vega team! Excited to see what they make of this space.
Josh Junon Details MFA Bypass Phishing Attack That Compromised npm Account and Popular Packages
This was a pretty eye-opening interview with Aikido and Josh Junon, one of the main maintainers of the popular npm packages 'chalk' and 'debug', which were impacted by last week's npm supply chain attack. In the interview, Josh details how attackers took over his npm account via man-in-the-middle techniques against TOTP-based MFA. It was a perfect storm of conditions and the 2FA reset email was crafted well enough that Josh fell victim to it.
We rarely get first-hand accounts from folks who've been pwned, but I think it should be encouraged more. It goes a long way in helping us build better security controls, products, and awareness.
Kudos to Josh for his vulnerability and to Mackenzie x Aikido for a stellar interview! Highly encourage watching it.
'The leader we need': Abbott appoints chief of Texas Cyber Command
Governor Greg Abbott appointed retired Navy Vice Admiral Timothy "TJ" White, former head of U.S. Cyber Command, to lead the newly created Texas Cyber Command with a term through February 2027, marking Texas's push to create what Abbott calls the nation's largest state-based cybersecurity department.
The $345.2 million San Antonio-based command will coordinate cyber defense across state, local and federal partners, with White saying his focus will be on "robust resiliency and readiness for critical infrastructure" - the agency is expected to have 65 full-time employees by late 2026, growing to 130 the following year.
🔮 The Future of Security 🔮
🟢 Your Application Security Agents 🟢
Only AI can keep up with AI
DryRun Security agents detect logic flaws, auth gaps, IDOR and more across repos and PRs, then guide fixes before code ships. AI-native analysis reads code like an engineer and a pen tester in one. Trusted with 25,000+ code reviews a week. Your agents are ready to work.
Since I’m super short on time this week (at offsite), I’ll just link the biggest stories across each domain. I’ll be back next week with my normal coverage! 🏄🏽‍♂️
AI Security
Insane amount of activity in the AI security space in recent weeks and last week was no different with ~$740M splurged on acquisitions:
CrowdStrike to Acquire Pangea to Launch AI Detection and Response (AIDR) - $260M
F5 to Acquire CalypsoAI for Advanced AI Security Capabilities - $180M
SPLX launches AI Asset Management to map and secure enterprise AI stacks
CrowdStrike and Meta just made evaluating AI security tools easier
Identity Security
Rubrik expands CrowdStrike partnership to strengthen identity resilience
Fabrix Security Raises $8M to Launch AI-Native Identity Platform
Security Operations
Introducing Wiz Incident Response: Your Expert Partner for Cloud Security Incidents
Silent Push raises $10M to expand preemptive cyber defense platform
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~7,300 CISOs, practitioners, founders, and investors across 125+ countries 🌎
Bye for now 👋🏽
That’s all for this week… See you next week!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.