TCP #89: Security KPIs; NIST LEV; $400M Hack + Product News
🌶️ What's hot in security | May 21st - 29th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Product + Marketing at Monad and former detection engineer in big tech. Each week, I dig through all the major headlines to bring you the latest security product innovation and industry news. Subscribe below for weekly updates! 📧
Spying on North Korean hackers in real-time: an npm malware saga
At 1 p.m., our malware analysis engine alerted us to a potential malicious package that had been added to NPM. The first indications suggested this would be a clear-cut case; however, when we started peeling back the layers, things weren’t quite as they seemed…
Here is a story about how sophisticated nation-state actors can hide malware within packages.
Welcome back to another issue of TCP! Memorial Day is behind us, which means summer is almost here 🔥. I must admit, it is hard to juggle a weekly newsletter, a founder-like role at a startup, and a personal life. However, it is very rewarding and there's not much else I'd rather be doing with my time and energy.
That said, we’ve recently opened up a free, self-serve tier at Monad and launched a slew of new features and integrations. Check out our product release notes for May here.
Now a bird’s eye view of this week’s newsletter:
Tl;dr
🕵️♂️ NIST introduces new vulnerability scoring metric, Likely Exploited Vulnerabilities (LEV)
🇺🇸 US Senators propose a new initiative to consolidate cybersecurity regulations
📊 An inside look at Varonis’ 2025 State of Data Security report
🧱 Check Point acquires Veriti #ExposureManagement
Okay cool, let’s cyber 🕺🏽
⚒️ Picks of the Week ⚒️
Zscaler Announces Deal to Acquire Red Canary
Red Canary is a market leader in Managed Detection & Response (MDR) services and has its own SecOps platform, which includes a SOAR, 200+ integrations, threat intel, and a security data lake. Equally important, they have a ton of internal SecOps SMEs, a very strong brand and a great track record in our space. They're the team behind Atomic Red Team, which is used by SecOps teams worldwide, and they produce what I believe to be the best vendor report in all of security.
This acquisition, along with last year's pickup of Avalor ($350m), positions Zscaler well in the 'platformization' and AI race moving forward. CrowdStrike, Microsoft, Palo Alto Networks and Google have all made their foray into SecOps in the past 5-6 years, and this is Zscaler filling that gap. While deal terms have not been disclosed, I imagine they paid a pretty penny, somewhere between $1b and $5b.
Side note: Zscaler founder & CEO, Jay Chaudhry, is one of the greatest CEOs of our time. More on him and the Zscaler story here:
Stop breaches before they start.
Most teams don’t have big security budgets or dedicated squads. Intruder delivers continuous attack surface monitoring, risk-based prioritization, and proactive cloud defense—without the noise of false positives.
Get a single platform for vulnerability scanning and cloud security, with clear findings and faster resolution so you can focus on what matters and stay ahead of threats.
Security Theater or Real Defense? The KPIs That Tell the Truth
Key Performance Indicators (KPIs) are how you measure the performance of something over time. In security, they're one of the best ways to measure your defenses, identify areas of improvement, and, for security leaders, justify budgets for new headcount and tooling.
The issue is choosing what to measure. This post from Torsten George takes a deep look at common pitfalls and at choosing what to track to avoid security theater. Worth a read whether you're a builder or a practitioner!
2025 Varonis State of Data Security report
The accelerated enterprise adoption of AI has brought new risks and concerns around data security. AI agents and apps operate differently (permissions, activity, etc.) compared to traditional SaaS apps. Until recently, we didn't have much data to accurately shine a light on how enterprises are handling the security of this new class of tools.
This new Varonis report (ungated) looks at 1,000 organizations and over 10 billion cloud resources to assess the state of data security in 2025. While the report covers all aspects that contribute to data security, including cloud identity sprawl, cloud misconfigs, etc., I naturally gravitated toward the Salesforce Agentforce and Microsoft 365 Copilot sections, which show the dark side of enterprise AI adoption (stats shown above).
NIST Introduces New Metric to Measure Likelihood of Vulnerability Exploits
NIST has proposed a new vulnerability metric called "Likely Exploited Vulnerabilities" (LEV). The initiative aims to help security teams prioritize which vulns to act on based on exploitation likelihood. The metric builds on EPSS: it uses a vuln's history of EPSS scores to estimate a lower bound on the probability that the vuln has already been exploited, and it is meant to augment the CISA KEV catalog rather than replace it.
My thoughts on this are that it's great to see continued investment in improving how vulns are scored and communicated. However, after all the CISA and NIST NVD drama over the past 18 months, I really wish the private sector would come together to consolidate and align on metrics + tooling to clean up the mess that is vuln management. Otherwise, efforts will always be splintered.
You can access the full NIST LEV pdf here.
Vulnerabilities in CISA KEV Are Not Equally Critical: OX Security Report
Speaking of vulnerabilities, this report from OX Security takes a very tactical look at 10 critical CISA KEV vulns to identify which would be truly critical for containers. The report basically shows what's wrong with taking CISA KEV, or any other vuln db, at face value. Security teams must do the extra legwork to contextualize and prioritize vulns to determine a) whether they're applicable to their stack and b) how to prioritize patching. You can get the full report here.
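To make the two items above concrete, here is an added example (my own illustration, not code from NIST, OX Security, or this newsletter) that ranks vulns by combining three signals: a KEV flag, an LEV-style lower bound computed from a vuln's dated EPSS scores, and an applicability check against the packages you actually run. The bound follows the general shape of the NIST proposal (treat each 30-day EPSS window as an independent chance of exploitation and take one minus the product of the complements, with a partial final window weighted by the fraction of 30 days it covers); that weighting is my simplification, so check the NIST PDF for the authoritative formula. The CVE IDs, EPSS values, KEV flags and inventory are constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date, timedelta

# Sample data below is constructed for illustration; CVE IDs are placeholders.


@dataclass
class Vuln:
    cve: str
    product: str                           # package/product the CVE applies to
    epss_history: list[tuple[date, float]]  # (score date, 30-day EPSS probability)
    in_kev: bool = False                    # listed in CISA KEV?


def sample_every_30_days(daily: list[tuple[date, float]]) -> list[tuple[date, float]]:
    """EPSS is published daily, but each score covers the next 30 days, so the
    complement-product bound must only use scores spaced >= 30 days apart."""
    picked: list[tuple[date, float]] = []
    for d, p in sorted(daily):
        if not picked or (d - picked[-1][0]).days >= 30:
            picked.append((d, p))
    return picked


def lev_lower_bound(history: list[tuple[date, float]], as_of: date) -> float:
    """Lower bound on P(exploited by as_of) from 30-day-spaced EPSS scores.
    Assumed weighting: full weight for complete windows, (days/30) for the
    trailing partial window. Windows closer than 30 days are rejected because
    they would overlap and overcount."""
    hist = sorted((d, p) for d, p in history if d <= as_of)
    for (d0, _), (d1, _) in zip(hist, hist[1:]):
        if (d1 - d0).days < 30:
            raise ValueError("EPSS samples must be at least 30 days apart")
    not_exploited = 1.0
    for d, p in hist:
        weight = min(1.0, (as_of - d).days / 30)
        not_exploited *= 1 - p * weight
    return 1 - not_exploited


def applies(vuln: Vuln, inventory: set[str]) -> bool:
    """A KEV or NVD entry is only actionable if the product is deployed."""
    return vuln.product in inventory


def prioritize(vulns: list[Vuln], inventory: set[str], as_of: date) -> list[tuple[str, bool, float]]:
    """Drop vulns that don't apply to the stack, then rank KEV entries first and
    break ties by the LEV-style bound. Returns (cve, in_kev, lev) tuples."""
    ranked = []
    for v in vulns:
        if not applies(v, inventory):
            continue
        ranked.append((v.cve, v.in_kev, round(lev_lower_bound(v.epss_history, as_of), 4)))
    ranked.sort(key=lambda r: (r[1], r[2]), reverse=True)
    return ranked


# Constructed sample inventory and vulns (placeholder CVE IDs, made-up scores).
INVENTORY = {"openssl", "log4j", "nginx"}
AS_OF = date(2025, 5, 29)
SAMPLE_VULNS = [
    Vuln("CVE-2025-0001", "openssl",
         [(date(2025, 2, 28), 0.10), (date(2025, 3, 30), 0.20), (date(2025, 4, 29), 0.40)]),
    Vuln("CVE-2025-0002", "log4j", [(date(2025, 5, 19), 0.30)], in_kev=True),
    Vuln("CVE-2025-0003", "struts", [(date(2025, 4, 29), 0.90)], in_kev=True),  # not deployed
]

if __name__ == "__main__":
    for cve, kev, lev in prioritize(SAMPLE_VULNS, INVENTORY, AS_OF):
        print(f"{cve}  KEV={kev}  LEV>={lev}")
```

Note that the non-deployed Struts entry is dropped despite its KEV flag and high EPSS, which is exactly the contextualization step the OX report argues for; swap the inventory set for your real SBOM or package list and the EPSS samples for the scores pulled from FIRST's API.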
Bipartisan US Senate Duo proposes a new initiative to consolidate cybersecurity regulations
“Bureaucratic red tape shouldn’t get in the way of preventing a cyber-attack, but complicated regulations are making it more difficult to address the major cyber threats facing our national security and critical infrastructure, … Harmonizing these efforts will make sure that federal requirements are focused on actually improving security instead of imposing a convoluted set of compliance challenges.” - James Lankford, R-Okla
Two senators, Gary Peters and James Lankford, have brought back the "Streamlining Federal Cybersecurity Regulations Act" which would aim to consolidate cybersecurity reporting rules in the private sector.
This would be a huge win for the security industry so hopefully it gets through!
Marks & Spencer (M&S) Projects Cyberattack Cost of $400M
M&S is a British retailer that recently suffered a cyberattack which forced it to stop taking online orders. They estimate a $400M+ hit to their bottom line this fiscal year due to the attack.
🔮 The Future of Security 🔮
AI Security
Prompt Security launches MCP Gateway
Prompt Security has launched the MCP Gateway and MCP Risk Assessment tools to address emerging security challenges posed by agentic AI systems that use the Model Context Protocol (MCP). These solutions offer real-time visibility, endpoint-level control, and continuous risk scoring for AI interactions, aiming to mitigate threats such as prompt injection, tool misuse, and unauthorized MCP deployments.
Operant AI Open-Sources Red Teaming Tool for AI and Cloud Security
Woodpecker is an open-source tool that automates red teaming capabilities for API, Kubernetes, and AI security.
Application Security
Chainguard introduces new multilayer container images
Chainguard has introduced a multilayer container image architecture that groups packages by their source origin, replacing its previous single-layer design. Because only the modified layers need to be refreshed, updates are faster and Chainguard reports a 70–85% reduction in data transfer during updates. This is particularly beneficial for large, frequently updated workloads like AI and machine learning apps.
More AppSec news ⬇️
StackHawk Secures $12M to Tackle API Security Challenges in AI-Driven Development
Vibe coding company says Claude 4 reduced syntax errors by 25%
Cloud Security
Aikido unveils AI Cloud Search
Aikido has been moving aggressively into the cloud security space, and this is yet another feature that will make that vision a reality for their customers. With AI Cloud Search, users can query info about their cloud resources and environment in natural language, which reduces the need to know a complex query language.
Aikido is certainly one to watch as they expand their cloud security offerings.
Endpoint Security
LimaCharlie Adds Endpoint Protection Controls to Streamline Microsoft Defender Management
LimaCharlie has introduced a new extension to its SecOps Cloud Platform, offering native support for Microsoft Defender Antivirus across all Windows endpoints and removing the need for custom integrations.
Identity Security
Cisco introduces Duo Identity and Access Management to enhance identity protection in the AI era
Cisco has launched 'Duo Identity and Access Management (IAM)', a solution that builds upon Duo's MFA capabilities. The new IAM platform introduces features like a unified user directory, an Identity Routing Engine for seamless integration with multiple identity providers, and advanced phishing protections such as Complete Passwordless and Proximity Verification.
Offensive Security
Offensive Security startup Horizon3.ai is raising $100M in new round
Horizon3.ai, an autonomous pentesting startup, is looking to raise a $100M Series D and has already secured $73M.
SaaS Security
Reco unveils specialized agents for SaaS Security + Compliance
Reco now offers 8 purpose-built AI Agents designed to tackle every major SaaS threat vector—from shadow IT and anomalous user behavior to third-party risk, misconfigurations, and compliance gaps.
Vulnerability Management
Check Point acquires Veriti
Veriti is an exposure management solution that integrates well with Check Point's existing offerings.
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~6,000 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye for now 👋🏽
That’s all for this week… ¡Nos vemos la próxima semana!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.