TCP #107: $15B Bitcoin Seized; Oracle 0-day; AI Girlfriend App Breached; and Product News
What's hot in security🌶️ | Oct. 8th - Oct. 15th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news. Subscribe to receive weekly updates!
Fortify Your Google Workspace, from Gmail to Drive. Without Extra Headcount.
Protect the email, files, and accounts within Google Workspace from every angle. Material Security unifies advanced threat detection, data loss prevention, and rapid response within a single automated platform so your lean team can do more with less. Deploy in minutes, integrate with your SIEM, and let “set-it-and-forget-it” automation run 24/7. Gain multi-tenant visibility with enterprise-grade security without enterprise overhead.
Want to sponsor the TCP newsletter? Learn more here.
Howdy! 🤠
I hope you’re having a wonderful week. Lots of wild, spooky stuff happening in the security world recently. No surprises there, however, $15B was seized from some terrible humans so that’s a silver lining.
Before diving in, a quick nod to training certifications. Legion Security recently put together a certification guide for security practitioners. They asked for my take on certs. While certs have been a hotly debated topic for a while now, I think they’re key in the early stages of your security career.
Check out the guide here to see what other practitioners think about certs in 2025. Also, look at this dope dragon avatar of me 🐉
Alright, let’s dive in 🔨
TL;DR 📰
💰 US seizes $15B in crypto from global crime ring – US+UK seized 127K BTC from a group that trafficked humans and ran large-scale fraud ops.
🧨 Oracle EBS 0-day exploited → 1.3 TB data leak – CL0P group exploited CVE-2025-61882, hitting ‘dozens’ of orgs. CL0P also behind the MOVEit breach (2,300+ orgs).
💋 AI girlfriend apps leak millions of intimate chats + images – Chattee Chat & GiMe Chat breached; 43M messages and 600K media files exposed. Highlights privacy risks as ChatGPT preps ‘Erotica’ features for December.
🧠 Inside the OWASP GenAI Security Project – Steve Wilson interview dives into AI security research and best practices.
🤖 Anvilogic enters its AI SOC era – Expands from detection engineering to AI-assisted investigations across SIEMs + data lakes.
🪪 Discord breach exposes 70K users – 3rd-party vendor handling age verification leaked govt ID data.
🧱 SonicWall cloud backup breach – Firewall configs, access rules, credentials and MFA seeds of cloud backup customers exposed. Potential impact on 500K+ customers.
🗒️ Risks of AI Notetakers – New write-up from Gadi Evron & Joe Sullivan warns of 3rd-party breaches and legal risks (Brewer v. Otter.ai). SOC2/GDPR issues make these tools a privacy minefield.
🟢 DryRun Security agents for PRs – Catch logic flaws + policy violations at every pull request stage.
💼 LevelBlue to acquire Cybereason – Marks the end of a wild journey.
⚒️ Picks of the Week ⚒️
US seizes $15 billion in crypto from transnational crime group
The US and UK recently seized 127.2K Bitcoin (~$15 billion) from Chen Zhi, who ran one of the largest transnational criminal groups. The group had 100 shell companies across 30+ countries and relied on human trafficking, sextortion, and modern-day slavery to carry out large-scale fraud operations. The group operated at least 76K fake social media accounts and generated up to $30M daily at peak.
While Zhi is still on the run, this is a big win on many levels. This also has to be among the top 3 wildest/saddest stories of the year.
Anvilogic has entered its AI SOC era.
Built on years of detection engineering, Anvilogic now extends beyond detection into AI-assisted investigations running across SIEMs, data lakes, or a hybrid mix of both. Get more from the tools you already have, monitor more telemetry for less, and cut 45% of L1 fatigue while you’re at it.
Oracle EBS 0-day exploited - 1.3 TB of data leaked by Cl0p group
Attackers began exploiting a 0-day vuln (CVE-2025-61882) via chained exploits against Oracle’s E-Business Suite back in early August. Reports say ‘dozens’ of customers have been hit. Cl0p is demanding a total sum of $50M in ransom. They’ve dumped 1.3TB of data on their leak site and it seems Harvard University is amongst those impacted. Cl0p is responsible for the 2023 MOVEit breach which impacted 2,300+ orgs.
AI girlfriend apps leaked millions of intimate conversations and images
Two AI companion apps (Chattee Chat and GiMe Chat) have been breached, exposing ~43M messages and 600K images/videos from 400K+ users. Cybernews confirms much of the content is NSFW (Not Safe For Work).
This comes as OpenAI announces that ChatGPT will be rolling out ‘Erotica’ features in December. This goes without saying, and I probably sound like a parent saying this, but please do not upload anything to a digital device that you would be embarrassed (or worse) by if it gets leaked. Again... This AI shit has created the wild west all over again, and features like these are predatory on people’s mental health.
Discord data breach affects at least 70,000 users
Discord recently disclosed the exposure of ~70K users’ sensitive data after a 3rd-party vendor breach. The vendor handles (or handled) age-related appeals for age verification. Impacted data includes govt. ID photos such as driver’s licenses. This breach is a loaded one given recent age verification laws like the UK’s Online Safety Act, with similar rules being implemented in the US and EU. Privacy folks don’t like it and neither do I. The irony is that laws meant to protect users are starting to create repositories of sensitive user info.
I feel there has to be a better way to verify age at scale other than collecting govt. ID.
SonicWall: Firewall configs stolen for all cloud backup customers
More bad news. The firewall configs of all ‘MySonicWall’ cloud backup users have been exposed. This includes network topology, security policies, and access rules, as well as credentials, MFA seeds and more. I don’t think SonicWall has disclosed the number of impacted customers, but they do have 500K+ customers. Breaches like this create a hellstorm for customers.
Take Note: Cyber-Risks With AI Notetakers
AI notetakers are the ultimate productivity hack, but they also pose a ton of risk. 3rd-party breaches are pretty common, so that’s one concern. But these notetakers also pose legal + compliance risks. Some notetaking apps have shady usage policies and aren’t SOC2 compliant or GDPR-friendly.
This write-up by Gadi Evron and Joe Sullivan enumerates the risks and gives tactical guidance on what security leaders should be doing to protect their organizations.
The write-up also covers the Brewer v. Otter.ai class action lawsuit which I was not aware of. This goes without saying, but AI has created the wild west all over again.
🔮 The Future of Security 🔮
🟢 Your Application Security Agents 🟢
Stop Risk at the Pull Request
Put a custom DryRun Security agent on every PR to flag logic flaws, policy violations, and complex vulnerabilities with clear steps to remediation. Define secure coding policies in plain English and enforce them on every PR. Developers get guidance, security gets coverage.
AI Security
Inside the OWASP GenAI Security Project - Steve Wilson 🎙️
This is a fantastic interview that gives us a behind-the-scenes look at the OWASP GenAI project.
More AI Security news ⬇️
Securing agentic AI with intent-based permissions - Token Security
Data Security
BigID Unveils MCP Server to Connect Enterprise Data with AI Agents
BigID has launched an MCP server that allows its platform to leverage AI agents to gather security context for enterprise data with fine-grained RBAC while only accessing metadata. Security vendors adopting MCP servers has been a big trend this year, and it makes sense, as it unlocks a level of integration with ease + speed that benefits the user. It also poses critical security risks, so it’s great seeing BigID place an emphasis on security with their MCP launch.
Identity and Access Management
Ploy raises $3.33M to tackle IGA market
UK-based IGA startup Ploy has raised a £2.5 million seed round led by Osney Capital, with participation from Superseed, Tiny.vc and Rule30.
More IAM news ⬇️
1Password and Browserbase Partner to Secure Credential Access for Agentic AI Automation
CyberArk unveils new capabilities to reduce risk across human and machine identities
Security Operations
LevelBlue to Acquire Cybereason, Expands MSSP Reach, Strengthens Managed Security and XDR Portfolio
The Cybereason saga has come to an end. LevelBlue (formerly AT&T Cybersecurity) has agreed to acquire Cybereason. At its peak in 2021, Cybereason raised $325 million at a $3.1 billion valuation and confidentially filed for an IPO expecting $5 billion. Within a year, valuation dropped to approximately $300 million. The company conducted three major layoff rounds between 2022-2024, cutting over 300 employees. Headcount fell nearly 60% from a peak of 1,374 employees in March 2022. Gartner downgraded Cybereason from leader in endpoint protection (2022) to visionary (2023) to niche player (2024).
Earlier this year, Cybereason secured a $120 million emergency investment amid boardroom disputes and a lawsuit by former CEO Eric Gan. The company scrapped a planned November 2024 merger with Trustwave, which LevelBlue then acquired in July 2025.
Terms of the deal were not disclosed. What a wild ride for Cybereason.
More SecOps news ⬇️
PagerDuty debuts end-to-end AI agents to automate and accelerate incident management
Recorded Future Brings Autonomy to Threat Intelligence with Continuous, AI-Driven Defense
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~7,500 CISOs, practitioners, founders, and investors across 125+ countries 🌎
Bye for now 👋🏽
That’s all for this week… See you next week!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.