TCP #96: PANW To Acquire CyberArk for $25B; Cost of Breach $10.22M; the TEA breach; and Tons of Pre-Hacker Summer Camp News
What's hot in security🌶️ | July 23rd - July 30th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, GTM lead at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news. Subscribe below for weekly updates!
APT Groups Are Hijacking NPM & PyPI Packages: safechain protects you from malware upon install
One bad install, like a typo, a hijacked maintainer, or a hidden payload, and you're suddenly leaking secrets or mining crypto for someone else…
SafeChain wraps every npm CLI, npx, yarn, pnpm, and pnpx install. It blocks malicious packages in real time, protecting developers from supply chain attacks. No more installing ‘regret.exe’
What's up! 👋🏽 Hope you're doing well and enjoying your summer wherever you're tuning in from! It's the week before hacker summer camp so everything is on hyperspeed. New research, funding rounds, startups, products, partnerships etc. Everything all at once. Fun times.
This will be my 7th hacker summer camp. My first was DEF CON 25 in 2017. DEF CON (1993) predates Black Hat by four years (1997) and there would be no hacker summer camp without it. Though things have changed drastically in recent years (we're now at an actual convention center and 30k+ attendees), this documentary is a great primer to the hacker ethos that fuels the week year after year:
Most hacker summer camp advice could be summed up by 1) stay hydrated 2) it's all about the people 3) you don't need a burner phone.
That said, I'll be there this year from Aug. 3 - 10. We're hosting an event at 550ft in the sky during sunset hour on Tuesday and I'm thinking about hosting an early workout session on Wednesday. Either RSVP through the link or ping me if you're interested in coming to either!
TL;DR
🍵The Tea app breach exposes 1.1M private messages and 72K photos
🔮The Future of Data Security TCP report focusing on the convergence of data security and AI is live!
📈Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report
🧮The DSPM and AI security markets are projected to reach $17.87 billion and $4.8 trillion respectively by 2033.
🌱Root Evidence emerges out of stealth w/ $12.5M. Founded by RSnake, Jeremiah Grossman and co. Same DNA as Bit Discovery (acq. by Tenable) and WhiteHat Security.
🤖Prophet Security raised $30 million in Series A funding led by Accel
⚔️ Legion emerges from stealth w/ $38M through Series A. AI SOC in the browser. Microsoft Sentinel Alumni.
👁️BlinkOps raises $50M for specialized micro-AI security agents
🕵️Nebulock raises $8.5 million for AI-powered threat hunting.
~20 more announcements
Let’s cyber 🕺🏽
⚒️ Picks of the Week ⚒️
Palo Alto Networks Announces Agreement to Acquire CyberArk for $25B 💰
Last week, the rumor was that Palo Alto may buy SentinelOne for $8-10B. Yesterday, rumors swirled that PANW was closing in to acquire CyberArk (CYBR) for ~$20B. Less than an hour ago, it was confirmed that they've agreed to acquire CyberArk for $25B.
Seems like Nikesh and co. are having a lot of fun these days. The platform play they were ridiculed for in Feb. '24 has been paying off. They currently have 3 platforms, cloud/appsec/AI Security, SecOps, and network security. Identity will form the 4th.
2 major acquisitions by PANW this year, Protect AI and CyberArk. Amazing execution. Tim Prendergast, founder of Evident.io (acquired by PANW) and now StrongDM (CYBR competitor), has some thoughts (here) on the acquisition + what integration may look like 😬
🧘🏽‍♂️ Extend Your SOC Team with AI-Powered Security Operations 🧘🏽‍♂️
Tired of an endless alert backlog and too many false positives?
Intezer's Autonomous SOC solution automates investigations and triage decisions, freeing up your team to focus on what matters most. Discover how enterprise teams and top MSSPs are using AI-powered alert triage to cut through the noise, enhancing their SOC analysts' efficiency and accuracy.
When it's all said and done, this will probably be one of the biggest breaches of the year… I feel like I said that last week, but I think this one takes the cake. Tea is basically a women's dating safety app where women share the profiles of men in their area and 'spill the tea' about them, aka discuss their interactions, marital status, criminal background, and any other red flags. The app's main goal was to ensure women's safety from weird/bad interactions with men and instead they suffered two breaches within a week exposing 72,000 images (incl. selfies + govt. IDs) and 1.1M private messages via a misconfigured Google Firebase database. Breached assets have since been posted on 4chan with some women reporting being doxxed. Terrible.
For one, it sucks that women need such an app as a defense mechanism because it signifies a larger societal problem (there are lots of predatory men) and two, this breach reeks of vibe coding.
Further reading: Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers
The Future of Data Security report🔥
The convergence of data security and AI is something that had been on my mind a lot. The two are so integral to each other and crucial for enterprises to get a hold on both moving forward. It's why I wrote this report on where data security is headed and why a unified platform approach is needed. You can give the report a read here for free!
Huge thanks to Varonis for partnering with me on this!
Free 5-hour Blue Team Summit by Antisyphon Training + Black Hills Infosec
John Strand and the crew at Antisyphon Training are legends for multiple reasons. One of those being that they continuously put out SANS-level training (~$8K+ per course) on a pay-what-you-can model. Next month, they'll be hosting a 5-hour blue team summit focusing on SecOps, vuln management, email security and more. They'll follow it up with low-cost training which you can explore and register for here.
The Truth about TAM - Index Ventures' Jahanavi Sardana
Anyone who has thought about founding a startup, or been part of that journey, knows the dreaded TAM exercise. "How much is the Total Addressable Market (TAM) for this problem I want to solve?" Many know that the TAM data point is flawed in many ways, yet it's one of the most tangible indicators for founders and investors in deciding whether to invest in an idea. Jahanavi from Index puts TAMs into 3 buckets:
Known markets
Emerging markets
Invisible markets (don't exist yet, must be created)
Understanding and highlighting which one you play in is crucial across the lifetime of a startup, especially in cybersecurity where there are seemingly 15+ co's per problem space.
Security by Design — UX and AI in Modern Cybersecurity
"Good design is actually a lot harder to notice than poor design, in part because good designs fit our needs so well that the design is invisible, serving us without drawing attention to itself." — Don Norman, “The Father of User Experience”
Tl;dr: Security practitioners' jobs are already difficult and complex enough. Don't make them worse with shitty design and UX.
Kudos to Palo Alto for highlighting the importance of the user experience.
Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report
Global average cost of a data breach fell to $4.4M while rising to $10.22M in the US. This figure alone should make boardrooms take cybersecurity more seriously if they're not doing so already. Get the full report here (ungated): https://www.ibm.com/downloads/documents/us-en/131cf87b20b31c91
🔮 The Future of Security 🔮
Note: Given the influx of news this week, I didn’t have the chance to parse through and synthesize everything. Thus, I’m leaning on AI to do some of the heavy lifting.
AI Security
Promptfoo Raises $18.4 Million for AI Security Platform
Promptfoo has raised $18.4 million in Series A funding led by Insight Partners w/ participation from a16z to expand its AI security platform. The company's tools help organizations test and secure their AI applications against prompt injection, jailbreaks, and other LLM-specific vulnerabilities.
Pangea launches AI Detection and Response to close gaps in generative AI security
Pangea launched AI Detection and Response (AIDR) to help security teams monitor and control generative AI usage across their organizations. The platform provides visibility into AI interactions, detects potential data leaks or policy violations, and enables real-time response capabilities.
Application Security
Seal Security Raises $13 Million to Secure Software Supply Chain
Seal Security raised $13 million in Series A funding led by Vertex Ventures to automate patching of open source vulnerabilities. The platform automatically backports security fixes to older versions of open source components, solving a major pain point where organizations can't upgrade due to breaking changes.
Cloud Security
Edera Launches Secure Runtime Environment for Container Applications
Edera has launched a secure runtime environment designed specifically for container applications. The platform provides isolation and security controls at the container runtime level, helping organizations protect their cloud-native workloads from threats that traditional security tools might miss.
Data Security
DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033
The DSPM and AI security markets are exploding, with projections reaching $17.87 billion and $4.8 trillion respectively by 2033. This massive growth reflects enterprises scrambling to secure their data as it spreads across multi-cloud environments and gets consumed by AI systems.
Varonis unveils Next-Gen Database Activity Monitoring for agentless database security and compliance
Varonis unveiled its next-generation Database Activity Monitoring (DAM) solution to provide deeper visibility into database access and usage patterns. The platform combines traditional DAM capabilities with Varonis's data-centric security approach, helping teams detect insider threats and compromised credentials targeting critical databases.
IoT Security
Axonius reportedly acquires healthcare cybersecurity company Cynerio in deal worth up to $250M
Axonius has reportedly acquired healthcare cybersecurity company Cynerio in a deal worth $250 million. Cynerio specializes in securing medical devices and healthcare IoT environments, bringing critical expertise in protecting connected medical equipment from cyber threats.
Security Awareness
Maro Raises $4.3M to Tackle Human Risk with Real-Time Interventions
Maro raised $4.3 million to transform security awareness training with real-time interventions that catch risky behavior as it happens. Rather than relying on annual training videos, Maro's platform delivers contextual nudges and micro-learning moments when employees are about to click suspicious links or share sensitive data.
Fable Security Launches With $31M to Stop Risky Human Behavior
Fable Security emerges from stealth with $31M to tackle the human risk problem, split between a $6.5M seed from Greylock Partners and $24.5M Series A from Redpoint Ventures. Founded by Abnormal AI alums Nicole Jiang and Dr. Sanny Liao, the platform ditches checkbox training for real-time behavioral interventions delivered through Slack and email, already showing 13x faster behavior change at Pennymac and protecting high-profile clients like Genesys and the DNC.
SecOps
Prophet Security Raises $30M Series A Led by Accel to Launch its Agentic AI SOC Platform
Prophet Security raised $30 million in Series A funding led by Accel to expand its AI-powered SOC platform. The company automates threat investigation and response workflows, promising to reduce alert fatigue and help overwhelmed security teams focus on real threats.
BlinkOps raises $50M to expand deployment of no-code security micro-agents
BlinkOps raised $50 million to expand its micro-agent security platform for enterprises and MSSPs. The platform uses specialized AI agents to automate specific security tasks like log analysis, threat hunting, and incident response.
Dropzone AI Raises $37 Million for Autonomous SOC Analyst
Dropzone AI secured $37 million to expand development of its AI SOC analyst and platform integrations. The solution acts as an autonomous tier-1 analyst, investigating alerts and escalating only verified threats to human teams.
RAD Security debuts RADBots to streamline security investigations and compliance
RAD Security debuted RADBots to streamline security investigations and compliance workflows. The platform deploys AI-powered bots that can automatically gather evidence, correlate alerts, and generate compliance reports.
Threat hunting startup Nebulock closes $8.5M to grow AI threat detection engine
Nebulock closed $8.5 million in funding to grow its AI-powered threat detection engine. The platform uses behavioral analytics and machine learning to identify threats that signature-based tools miss, focusing on detecting novel attack patterns.
Darwinium Launches AI Tools to Simulate, Detect, and Disrupt Adversarial Fraud
Darwinium launched AI tools to simulate, detect, and disrupt adversarial fraud attempts. The platform can model attacker behavior, identify synthetic identities, and block sophisticated fraud schemes in real-time. Great company name btw ;)
Cybersecurity upstart Legion emerges from stealth with $38 million from Accel, Coatue, and others
Legion emerged from stealth with $38 million in combined seed and Series A funding co-led by Accel and Picture Capital, with participation from Coatue. Founded by former Microsoft Sentinel executives, Legion's AI-powered SOC platform uniquely detects threats within users' browsers—a critical gap missed by traditional solutions that focus on network and endpoint layers.
Vulnerability Management
Root Evidence Bets on New Concept for Vulnerability Patch Management
Root Evidence launched its platform to revolutionize vulnerability evidence collection and reporting. The solution automates the documentation of security findings, creating detailed proof-of-concept reports that help security teams communicate risk to stakeholders and developers. This addresses a major pain point where pentesters and security engineers spend hours manually documenting vulnerabilities instead of finding them.
Tonic Security Launches with $7M to Tackle Cybersecurity Alert Fatigue Using AI Context
Tonic Security raised $7 million in seed funding to build its next-generation vulnerability management platform. The company focuses on cutting through the noise of traditional scanners by prioritizing vulnerabilities based on actual exploitability and business context. With organizations drowning in vulnerability data, Tonic's approach to making vuln management actionable rather than overwhelming could finally help teams fix what actually matters.
Intruder launches GregAI to deliver AI-powered, contextual security workflow management
Intruder.io introduced Greg, an AI security analyst designed to augment vulnerability management workflows. Greg can analyze scan results, provide remediation guidance, and even explain complex vulnerabilities in plain language for non-technical stakeholders. This AI assistant approach helps bridge the gap between finding vulnerabilities and actually getting them fixed by making security findings more accessible to development teams.
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~7,300 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye for now 👋🏽
That’s all for this week… See you next week!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.
Where can we read Tim Prendergast's thoughts on the acquisition?