⚡ TCP #76: $1.5B ByBit Hack; Series A Palooza; and Product News
What's hot in security | Feb. 19th - Feb. 26th, 2025
Welcome to Issue 76 of The Cybersecurity Pulse! I'm Darwin Salazar, PM at Monad and former Detection Engineer. Each week, I dig through 1,000+ headlines to bring you the latest security product innovation and industry news. Stay ahead of the curve and receive my updates directly to your inbox by subscribing below. Share with a friend if already sub’d! 📩
Busy week. $1.5B pilfered from a crypto exchange. Lots of great startups tackling hard problems raised their Series A. Spring must be in the air.
Let’s cyber 🕺🏽
Extend Your SOC Team with AI-Powered Security Operations
Tired of an endless alert backlog and too many false positives?
Intezer's Autonomous SOC solution automates investigations and triage decisions, freeing up your team to focus on what matters most. Discover how enterprise teams and top MSSPs are using AI-powered alert triage to cut through the noise, enhancing their SOC analysts' efficiency and accuracy.
Interested in learning about sponsoring TCP? Learn more here or reach out to us directly at sponsorships@cybersecuritypulse.org!
⚒️ Picks of the Week ⚒️
$1.5 Billion Stolen in Bybit Cold Wallet Attack
This is not the first and certainly not the last time that a crypto exchange is hit for millions/billions. Pains me to even write that.
In any case, what's wild about this attack is that the attackers managed to get access to the cold wallet where crypto is supposed to be most safe.
The attack has sent the crypto industry reeling, not only because of the dollar value, but because, as Check Point researchers put it: "The Bybit hack has shattered long-held assumptions about crypto security."
For the full breakdown and implications of the attack, check out Check Point's report here: https://research.checkpoint.com/2025/the-bybit-incident-when-research-meets-reality/
How Amazon S3 Stores 350 Trillion Objects with 11 Nines of Durability
Amazon S3 processes millions of requests per second and stores over 350 trillion objects, all while maintaining 11 nines (99.999999999%) durability and low-latency access 🤯
This report covers its history, architecture, how it writes data, and how it's able to maintain legendary uptime.
From what I'm seeing in the field, S3 has become a very popular storage destination for security teams due to its reliability, cost-effectiveness (data tiering), and evolving capabilities like S3 Tables. Vendors like Scanner.dev are ahead of the curve in enabling security teams to use S3 for more than just data storage.
As more security tooling is built around S3, I expect it to become a great alternative to SIEMs.
Tamnoon 2025 State of Cloud Remediation Report
Tamnoon analyzed 4.76 million CNAPP and CSPM alerts and discovered some pretty damning findings:
Average Mean Time To Remediate (MTTR) remains extremely high at 128 days
'Critical' and 'High' severity findings made up 35.1% of all alerts.
'Critical' severity findings take 2x longer (~235 days) to resolve.
Truth is that remediation is hard and requires a lot of cross-team collaboration (infra, network, IT etc.), cloud hygiene (i.e., proper resource tagging), and understanding of potential downstream implications. This is a tough challenge when most security teams are drowning in millions of alerts across all their tools.
"The longer a vulnerability sits open, the greater the risk of exploitation," as my friend Pramod Gosavi has put it. Remediation is the last mile where the rubber meets the road, yet it's one of the areas given the least attention. Tamnoon's solutions and services help a ton with this and, as with most security problems, it requires a cultural/human shift.
PS. Shoutout to the Tamnoon team for the hard copy of the report! 🔥
📰 Product News 📰
Product News. My favorite kind of news.
AI Security
Offensive AI Startup Dreadnode Secures $14M Series A
Dreadnode has raised $14M in a Series A round with participation from Decibel, In-Q-Tel, and a few other firms.
They have two core offerings, 'Strikes' and 'Spyglass', that focus on red teaming AI systems. Strikes is a pre-deployment security testing environment and Spyglass is a post-deployment continuous testing solution.
While the product offerings address emerging critical pain points, what's most impressive is their team. Lots of Red Team DNA from NVIDIA, Meta, and NetSPI. All-star squad. Will be great to watch what they build!
Cloud Security
Introducing Wiz Lens: Role-based views for every security team
Part of the challenge security solutions face is presenting the right information to the right persona at the right time. This is even truer for platforms with many capabilities such as CNAPPs. To address this, Wiz recently rolled out a feature called "Wiz Lens" which helps create curated views depending on the persona. Yet another W for the Wiz product team! 👏🏽
More cloud security news ⬇️
Edera raises $15M to expand workload isolation technology and AI security [Congrats to Emily, Alex, and the Edera crew! 🚀]
RAD Security Gets $14 Million in Funding for AI, Cloud Platform [Huge congrats to Jimmy, Brooke and team! 🎉]
Gomboc AI secures $13M to tackle cloud security backlogs with deterministic AI
Data Security
Google Cloud Shields Data With Quantum-Resistant Digital Signatures
Google Cloud has released 'quantum-proof' signatures for their Key Management System (KMS) service. The two new algorithms supported are:
FIPS 204 (ML-DSA-65 or CRYSTALS-Dilithium), a lattice-based digital signature algorithm
FIPS 205 (SLH-DSA-SHA2-128S or SPHINCS+), a stateless hash-based digital signature algorithm
This comes on the heels of Google Cloud's CISO recommending orgs get started on their post-quantum cryptography migration soon and Microsoft's recent quantum breakthrough, Majorana 1.
There's been a lot of talk about a post-quantum world and the idea that it would render all traditional encryption useless. Many people troll about it and say that we're very far from that reality. Truth is that AI has accelerated many timelines beyond comprehension and I believe that quantum is one of those timelines. So yeah, if you're a security leader, I'd say it's time to start taking inventory and considering what your migration plan may look like.
More Data Security news ⬇️
Endpoint Security
NinjaOne raises $500M Series C extension at $5B valuation
NinjaOne, an endpoint management provider based in Austin, TX (🙌🏽), has raised an additional $500M Series C extension at a valuation of $5B. Amongst their customers are Nvidia, PwC, and the PGA Tour.
Security Operations
Most of this week's SecOps news is about exposure management. Asset inventorying + exposure analysis is table stakes for any platform company in 2025.
Zscaler launches Asset Exposure Management for asset tracking
Zscaler has launched their 'Asset Exposure Management' solution built on top of their "Data Fabric for Security" which is basically their word+UI wrapper on their acquisition of Avalor which I wrote about in depth here.
More SecOps news ⬇️
Rapid7 expands Exposure Management service with improved attack surface visibility and context
CardinalOps expands Threat Exposure Management platform with unified prevention and detection tools
Interested in sponsoring TCP?
Let's Grow Together!🫱🏽🫲🏻
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of over 5,200 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye For Now!
That’s all for this week… ¡Nos vemos la próxima semana! 👋🏽