TCP #104: EU Airports Disrupted; Github NPM Response; Fal.Con; and Product News
What's hot in security🌶️ | Sept. 17th - Sept. 23rd, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news. Subscribe to receive weekly updates!
AI Agents That Triage Vulnerabilities for You
Vulnerability management is broken—bloated backlogs, endless false positives, and constant pressure. Maze changes that. Our AI agents autonomously triage and resolve cloud CVE findings, cutting out the noise so your team focuses on what truly matters.
Think of it as having expert security engineers on demand: contextual, precise, and always on. Faster fixes, fewer escalations, and finally, a backlog you can get ahead of.
Howdy! 🤠
Hope you’re having a great week! I’m just getting back from 2 weeks of non-stop travel and looking forward to the weekend.
As expected, this past week has been pretty wild in the security world. Thankfully, there's some great news with 4 major arrests across the LAPSUS$, Scattered Spider, and Cloak ransomware groups. And of course, some less than optimal news because it's the world we live in 🤷🏽♂️
Note: This week’s newsletter is a bit longer than usual so if you’re reading from email, please jump over to our Substack to avoid getting cut off.
That said, let’s do the thing 🪩
TL;DR 📰
✈️ Collins Aerospace ransomware disrupts European airports for a week - Brussels cancels 50% of flights, Heathrow loses 1,000+ systems in supply chain nightmare
🎯 RiskRubric.ai launches AI model security scoring - First standardized risk assessment for 150+ models with A-F grades, surprising finding: open-source often beats proprietary
🐛 GitHub adds 3 new security controls after Shai-Hulud worm hits 500+ packages - Mandating 2FA, 7-day tokens, and trusted publisher methods
🤖 Irregular raises $80M for frontier AI security - Sequoia-backed lab red-teams next-gen models, already cited in OpenAI’s GPT-4/5 system cards
🕷️ Three Scattered Spider teens arrested after $165M damage spree - UK’s Jubair (19) and Flowers (18) plus Las Vegas minor; Jubair held $50M in crypto, faces 95 years
💰 Netskope IPO raises $908M at $8.8B valuation - SASE provider’s 20x oversubscribed offering marks 2025’s largest cybersecurity IPO
🔐 Perplexity + 1Password secure agentic browsing - First major partnership addressing AI agents that take actions, not just answer questions
🚔 Unit 221B raises $5M for threat intel that gets arrests - Allison Nixon’s platform helped nab Scattered Spider members, serves 50+ Fortune 500
⚒️ Picks of the Week ⚒️
Collins Aerospace Ransomware Disrupts European Airports
This is probably the wildest story of the week.
A September 19 ransomware attack on Collins Aerospace’s MUSE check-in system forced major European airports into manual operations for over a week. Brussels Airport took the biggest hit, cancelling 50% of Monday, Sept 22 flights before abandoning MUSE entirely for an accelerated system replacement.
Heathrow reported 1,000+ corrupted systems with attackers maintaining persistence through initial recovery attempts. The incident exemplifies supply chain risk in aviation, where attacks have increased 600% year-over-year 🤯
Attribution: The attack has been linked to Cloak ransomware, a new group that emerged in August 2024. Spanish authorities arrested a 22-year-old suspect in connection with the incident. Cloak listed Collins Aerospace on their leak site, threatening to publish 43GB of stolen documents unless ransom is paid. The group appears connected to broader RaaS operations with similarities to established groups.
From Months to Hours: Accelerate Email Defense
Most security teams wait weeks—or months—for vendor updates, leaving them exposed.
Join us on October 2 at 12pm ET / 9am PT to see how to respond in hours, silence inbox flooding, and free up analysts with transparent, AI-assisted detections. See how Sublime puts you back in control—with approvals, diffs, and audit trails.
RiskRubric.ai Launches AI Model Security Scoring
RiskRubric.ai introduced the first standardized security assessment platform for AI models, evaluating 150+ models across six risk dimensions with letter grades. Models undergo 1,000+ reliability tests and 200+ adversarial probes.
The platform was built in collaboration with Noma Security and the Cloud Security Alliance, with contributions from Gal Moyal, Caleb Sima, Michael Machado, Harmonic Security, and Haize Labs. Leading enterprises including Fortune 100s are already using RiskRubric.ai to jumpstart AI adoption, set AI security standards, and provide contextualized LLM risk intelligence to inform model selection.
Dig deeper on the methodology here.
Netskope IPO Raises $908M at $8.8B Valuation

Netskope’s September 18 IPO raised $908M at $19/share, with shares climbing 21% on opening to reach an $8.8B valuation. The SASE provider’s offering was 20x oversubscribed, marking 2025’s largest cybersecurity IPO to date. The strong reception reflects continued investor confidence in cloud security infrastructure as enterprises address AI-related security challenges.
GitHub Aims to Harden NPM Supply Chain After September Breaches
GitHub is mandating 2FA, replacing long-lived tokens with 7-day limits, and implementing Trusted Publishers after September’s Shai-Hulud worm compromised 500+ packages and the Qix developer account fell to social engineering.
Scattered Spider: Three Arrests in $165M Crime Wave⛓️

Law enforcement arrested three Scattered Spider members as the broader collective’s activities topped $165M in damages:
The Arrests:
Thalha Jubair (19) - UK arrest, found with $50M in cryptocurrency
Owen Flowers (18) - UK arrest, linked to Transport for London attack
Unnamed minor - Las Vegas arrest for 2023 MGM/Caesars casino attacks
The Bigger Picture:
Scattered Spider extracted $115M in ransoms from 47 US organizations alone
Major Victims & Impact:
Casino & Tech Giants: MGM lost $100M+ in revenue, Caesars paid $15M ransom, while LAPSUS$-era hits included Microsoft, Nvidia, Okta, Samsung, and Uber
Mass Campaigns: T-Mobile breached 70+ times in 2022, Transport for London disrupted for months, plus 130+ companies hit in SMS phishing, including LastPass, DoorDash, Mailchimp, and Signal
Group operates within “The Com” - marketplace for both cyber and physical attacks
Jubair faces 95-year sentence if extradited to US
Previous arrests show members return to crime within 24 hours of release
The three arrests represent a fraction of the wider Scattered Spider network, which continues operating despite law enforcement actions.
Fal.Con 2025 Recap… Coming Soon
CrowdStrike’s annual conference took place in Las Vegas last week and they had more than a few fireworks. Similar to my Splunk .conf write-up, I’ll have a Fal.Con recap out in the coming week to discuss the latest developments and what it means for the industry.
For now, feel free to listen to this interview with CrowdStrike CEO, George Kurtz:
You can also dig through their announcements in the links below:
CrowdStrike’s Enterprise Graph aims to redefine AI-era security
CrowdStrike Advances Next-Gen Identity Security with Three Key Innovations
CrowdStrike Stops GenAI Data Leaks with Unified Data Protection
CrowdStrike expands Falcon with next-gen identity security and AI-era data protection
Falcon for IT Redefines Vulnerability Management with Risk-based Patching
Announcing Threat AI: Security’s First Agentic Threat Intelligence System
CrowdStrike Collaborates with AI Leaders to Secure AI Across the Enterprise
Inside the Network with Sumit Dhawan, Proofpoint’s CEO 🎙️
Another banger from the Inside the Network crew. Proofpoint operates at $2B ARR and helps secure 85 of the Fortune 100. In this ep. we learn from their CEO how they operate and where he sees the industry heading.
🔮 The Future of Security 🔮
AI SOCs Under the Microscope: 12 Questions You Must Ask
Do AI SOCs really replace people—or just shift the risk? Many platforms cut costs upfront but struggle with incomplete telemetry, brittle integrations, and false positives that inflate budgets.
This guide arms you with 12 essential questions to evaluate AI SOC vendors objectively—so you can translate the pitch deck into measurable risks, real outcomes, and defensible decisions.
AI Security
Irregular Raises $80M for Frontier AI Security
Irregular secured $80M from Sequoia Capital and Redpoint Ventures to establish the first dedicated frontier AI security lab, conducting adversarial testing on next-generation models before deployment. The company already shapes industry standards: OpenAI references their evaluations in GPT-4/5 system cards, while the UK government and Anthropic rely on their SOLVE framework for Claude 4 risk assessment.
They’ve co-authored foundational papers with Anthropic on confidential computing and RAND on AI model theft. Sequoia partner Shaun Maguire frames their mission: they’re developing defenses for AI threats that haven’t materialized yet.
Perplexity Partners with 1Password for Agentic Browser Security
Perplexity’s Comet AI browser integrated 1Password to secure credentials during autonomous browsing and task execution. The partnership maintains end-to-end encryption while the browser independently manages accounts, fills forms, and completes transactions.
This addresses a fundamental challenge in agentic AI: granting system access without exposing credentials.
Application Security
Aikido Acquires Allseek + Haicker = Aikido Attack
Aikido Security acquired Allseek and Haicker to automate penetration testing, reducing assessment times from weeks to under an hour. Allseek contributes AI agents that model attacker behavior and map exploit paths, while Haicker brings founder Philippe Dourassov’s competitive hacking expertise translated into autonomous systems.
Their combined “Aikido Attack” platform employs specialized AI agent chains for reconnaissance, vulnerability mapping, and exploitation testing.
Governance, Risk, and Compliance (GRC)
RegScale Raises $30M for AI-Driven GRC
RegScale secured $30M+ in Series B funding led by Washington Harbour Partners, with participation from M12 and Hitachi Ventures, to transform compliance from manual processes to Continuous Controls Monitoring. The company reports tripling ARR as organizations address compliance gaps increasingly exploited by nation-state actors.
Threat Intelligence
Unit 221B Secures $5M for Threat Intelligence Platform
Unit 221B raised $5M led by J2 Ventures to expand eWitness, their threat intelligence platform that converts investigations into arrests. The platform has contributed to apprehending Scattered Spider members and recently RapperBot’s administrator Ethan Foltz.
Chief research officer Allison Nixon leads the invite-only platform that leverages human intelligence from vetted investigators, focusing on English-speaking youth hackers. The system bridges operational intelligence and prosecutorial requirements, currently serving 50+ Fortune 500 companies and multiple law enforcement agencies.
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~7,500 CISOs, practitioners, founders, and investors across 125+ countries 🌎
Bye for now 👋🏽
That’s all for this week… ¡Nos vemos la próxima semana!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.