TCP #94: GPUHammer; MITRE AADAPT; MCP Security Woes; and Product News
What's hot in security🌶️ | July 8th - July 16th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, GTM lead at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news.
What’s up everyone! 👋🏽 Hope you’re doing splendidly wherever you’re reading this from. We’re just under 3 weeks away from Hacker Summer Camp, one of my favorite times of the year. There’s a ton of new products, partnerships, M&A, funding, and research being announced over the coming weeks which I’ll have you covered for.
We also have a few surprises up our sleeves at Monad and here at TCP 😉. That’s all I can share for now. That said, this week had its own fireworks so let’s dive in.
Tl;dr
🤺 MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats
💰 Trump's One Big Beautiful Bill reshapes US cyber spending - $1B for offensive ops in APAC, $1B cut from defense; healthcare sector cybersecurity devastated
🔨 GPUHammer: New RowHammer Attack Variant Degrades AI Models - U of Toronto researchers find NVIDIA GPU vulnerability that can drop AI accuracy from 80% to <1%
🚀 Crash Override raises $28M for Engineering Relationship Management - Ex-OWASP founder's startup brings CRM-like visibility to software supply chain
🚨 Critical mcp-remote Vulnerability (CVE-2025-6514) - CVSS 9.6 RCE affecting 437K+ downloads when connecting to malicious MCP servers
🚔 Four Arrested in $592M UK Retail Cyber Attacks - Scattered Spider members hit Marks & Spencer, Co-op, Harrods with ransomware
🤝 Accenture-Microsoft GenAI Security Partnership - Nationwide Building Society case study showcases Sentinel + Security Copilot integration
💸 Cyberstarts' $300M Employee Liquidity Fund - Unique vehicle lets portfolio employees cash out vested shares pre-exit
🎵 Mantis (Chainsmokers' VC) raises $100M Fund III - Security portfolio includes Chainguard, Edera, Incident.io
Let’s cyber 🕺🏽
⚒️ Picks of the Week ⚒️
MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats
MITRE recently released their AADAPT (Adversarial Actions in Digital Asset Payment Technologies) framework, which is basically the ATT&CK framework, but for cryptocurrency systems. It includes 11 attacker tactics and 38 techniques tailored to blockchain and cryptocurrency threats.
It covers crypto-specific attacks like:
Flash loans and smart contract exploits
Double-spending attacks
Chain reorganization
Eclipse attacks (isolating blockchain nodes)
This provides amazing detection ideas and opportunities. Definitely worth checking out if you’re building or securing things in the crypto space.
Cybersecurity impacts from Trump's One Big Beautiful Bill
Trump's "One Big Beautiful" bill was recently passed into law and with it come a lot of changes to how the US will allocate its money in coming years. A few of those changes have raised concerns in DC and the cybersecurity community. The bill allocates $1B of funding for offensive security operations in the APAC region while cutting back $1B in defensive security operations.
Congress recently held a hearing discussing how the bill will devastate cybersecurity for the healthcare sector, which is still recovering from the Change Healthcare breach.
GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

Remember the Spectre and Meltdown CPU vulnerabilities? Well, University of Toronto researchers have found something similar in NVIDIA GPUs. The attack flips bits to tamper with GPU memory and degrade performance over time, in some cases degrading an AI model's accuracy from 80% to less than 1% 🤯. NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) to defend against this attack variant.
You can access the full research paper for free here: https://gururaj-s.github.io/assets/pdf/SEC25_GPUHammer.pdf
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
The Model Context Protocol (MCP) has been a massive value + efficiency add for agentic AI workflows by enabling AI connectivity to many enterprise SaaS apps, databases, and AI models. It makes sense why engineering teams have raced to leverage MCP servers or build their own. However, this doesn't come without security risks, as we've covered several times on TCP before.
Just recently, JFrog's research team discovered + disclosed a critical vulnerability (CVE-2025-6514, CVSS 9.6) in mcp-remote that allows attackers to execute arbitrary commands on victim machines when connecting to malicious MCP servers, affecting 437,000+ downloads.
This report has a full breakdown of the vulnerability including mitigations: https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability/
Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
UK authorities arrested 4 people (two 19-year-olds, one 17-year-old, and a 20-year-old woman) for cyber attacks on major retailers (publicly traded Marks & Spencer, Co-op, and Harrods), causing ~$592M in damages. The four are believed to be connected to the Scattered Spider group and the DragonForce ransomware group.
🔮 The Future of Security 🔮
AI Security
AI Trust Score Ranks LLM Security
Tumeryk, an AI security company, has been maintaining an AI trust score catalog for foundational models. In their most recent assessment, Gemini 2.5 Pro received the highest trust score (899/1000), while DeepSeek received a 741/1000.
The models are evaluated across 10 factors including fairness, security, supply chain vulns, and toxicity. You can download the full report here (gated): https://tumeryk.com/aitrustscore-report
Application Security
Crash Override raises $28M in seed funding
Crash Override, founded by Mark Curphey and John Viega, recently announced seed round funding of $28M from Google Ventures (GV), SYN Ventures, Blackstone, and Bessemer. Curphey founded OWASP in 2002 while Viega has held executive roles at Raytheon + McAfee.
The team has built what they're calling an "Engineering Relationship Management (ERM)" platform which provides full traceability across every stage of the software supply chain and build processes all the way into the cloud or wherever you're deploying. They're aiming to be the single source of truth for engineering teams.
Stellar team solving one of our time's most difficult challenges, now backed with $28M and world-class investors. Great company name (Hackers), great no-BS blog posts, and aesthetically pleasing site. Mega kudos to whoever did their branding + site. It'll be great to see what their team accomplishes in the coming years!
GitGuardian Launches MCP Server to Bring Secrets Security and Agentic AI to Dev Environments
GitGuardian recently launched an MCP server that lets AI agents in developer IDEs automatically detect and fix hardcoded secrets in real-time as code is written. This is a big step forward in realizing the 'shift left' vision and removing friction between dev and security teams 🔥
Data Security
Data security startup Virtru raises $50M in funding
Virtru has raised $50M in Series D funding in a round led by Iconiq with participation from Bessemer Venture Partners, Foundry and The Chertoff Group. The founder, Will Ackerly, is former NSA and the company commercialized an open-source file format called 'TDF' which enables entities to securely share sensitive data. Their platform is used by over 6.7K customers including Salesforce, Netflix and CapitalOne.
IoT Security
Zscaler Launches Zero Trust SIM for IoT Devices, Eliminating VPN Needs
Zscaler has launched a cellular SIM card to enable IoT/OT devices to communicate over cellular networks in a Zero Trust fashion. Massive revenue generating opportunity for Zscaler given how much more room IoT adoption has to run with the incoming robotics golden era.
Security Operations
Accenture and Microsoft Expand Collaboration on Gen-AI Powered Cyber Solutions
This was an interesting blog post/case study that talks about how Accenture and Microsoft have been partnering to help their customers. The post highlights how they leveraged Microsoft Sentinel, Security Copilot, Defender, Purview, M365 E5 Security, and Entra along with Accenture's in-house expertise to deliver the latest of their offerings to the largest building society in the world, Nationwide Building Society.
Accenture and Microsoft have been in bed for a long time. Accenture has tons of massive, multi-year contracts with large enterprises to help with security. As a proud former Accenture-er, it's great to see Accenture continuing to innovate and execute at the highest levels of security.
More SecOps news ⬇️
Stellar Cyber 6.0.0 enhances automation, workflow intelligence, and user experience
Huntress Expands Microsoft Integration to Help MSSPs and SMBs Maximize Security Investments
AirMDR Raises $15.5M for Scalable AI-Driven MDR, MSSPs benefit
Venture Land 🏝️
Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent
Cyberstarts recently unveiled their Employee Liquidity Fund (ELF) at a total of $300M. This is a unique investment vehicle aimed at allowing Cyberstarts portfolio company employees to cash out on their vested shares without any acquisition or IPO event. This is the first time I've seen anything like it so I'm wondering what the driving force behind it is. Sure, it helps retain top talent, but has there been a leakage of top talent from some of Cyberstarts' top portcos?
Mantis raises 3rd fund at $100M
Mantis, the Chainsmokers' VC fund, has a pretty strong track record across security, AI/ML, enterprise apps, gaming and healthcare tech. Some of their security portcos include Chainguard, Edera, and Incident.io. Will be cool seeing how they deploy the cash.
Bye for now 👋🏽
That’s all for this week… See you next week!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.