SentinelOne

🚦 Spanish Police Arrest Hacktivists, Major Cybercrime Sentences & Sanctions, MuddyWater Expands Targeting, and SD-WAN Devices Under Attack 🚦 This is the week in cyber. This is SentinelOne’s Good, Bad & Ugly cyber news roundup. ⬇️ ✅ GOOD: Law enforcement disrupts hacktivism and cybercriminal infrastructure • Spanish authorities arrested four suspected members of the “Anonymous Fénix” hacktivist group responsible for distributed denial-of-service (DDoS) attacks on government ministries, political parties, and public institutions — and seized their social media and Telegram channels. • A former general manager of a U.S. defense contractor was sentenced to 87 months in prison for selling stolen trade secrets to unauthorized actors, including proprietary cyber-exploit tools. • The U.S. Treasury sanctioned a Russian exploit broker and associated entities for buying and reselling stolen zero-day vulnerabilities, highlighting the risks of illicit exploit markets. ⚠️ BAD: MuddyWater’s “Operation Olalampo” targets MENA organizations • New research reveals a multi-stage campaign attributed to the Iranian-aligned threat actor MuddyWater, dubbed Operation Olalampo, which deployed four novel malware variants (including Rust-based backdoors and loaders) to compromise organizations across the Middle East and North Africa (MENA) region. • The campaign used spear-phishing and a Telegram-based C2 bot for post-exploitation activity, continuing a long-running pattern of espionage and targeted compromise. 🤢 UGLY: SD-WAN devices exploited in the wild • Cisco Talos reported that threat actors are exploiting vulnerabilities in SD-WAN equipment, using crafted requests to gain unauthorized access and potentially deploy malicious payloads in corporate networks. • The activity follows observation of exploitation targeting default configurations, weak credentials, and exposed management interfaces — illustrating how core networking stacks can be leveraged by attackers when not properly hardened. 🔒 Follow us for weekly GBU with practical defenses leaders can act on: https://s1.ai/GBU9-Wk9

“No one is going to knock on your door and give you an opportunity. You have to go after what you want.” Denise Taylor, SVP People Operations, Global Learning & Technology Solutions, leads with conviction, transparency, and a steady commitment to doing the right thing. Rooted in a rich heritage spanning England and Barbados, Denise embodies a legacy of resilience, perseverance, and community. She credits her work ethic to working hard and taking ownership of every opportunity before her. She rolls up her sleeves alongside her team, builds trust through transparency, and navigates complex conversations with clarity and care. In doing so, Denise creates spaces where people feel seen, heard, and empowered to grow. Guided by faith and integrity, she is intentional about mentoring others, helping them find their voice while continuing to learn from leaders who have challenged and trusted hers. She never loses sight of the people behind the results. “I wouldn’t be anywhere without my team. You can’t do it alone, and having a strong support system around you is what really helps you be successful.” 👉 Read more about Denise’s journey here: https://s1.ai/aaefb9

There are moments in your career when high performance isn’t just discussed — it’s embodied. At our FY27 SentinelOne Sales Kickoff, we had the privilege of hearing from Andre Agassi — former World No.1, eight-time Grand Slam champion, Olympic gold medalist, and Hall of Fame inductee. Andre turned pro at 16 and built a 20-year career defined by consistency, resilience, and winning at the highest level. But what stood out most wasn’t the trophies. It was the mindset 🧠 High performance is a discipline. Andre spoke about: - Relentless preparation - Reinvention under pressure - Defeating the toughest adversaries - Sustaining excellence over decades That’s the same standard we hold ourselves to at SentinelOne for our customers and partners. In cybersecurity, threats evolve daily. AI is accelerating both attackers and defenders. Succeeding requires: - Mastering the fundamentals - Adapting fast, relentlessly innovating - Performing when the stakes are highest - Trusting the team around you Beyond tennis, Andre has helped raise $185M through the Andre Agassi Foundation for Education, supporting over 100,000 students across the U.S. High performance with purpose. Being a force for good.💜 As we head into FY27 the mission is clear: train harder. Execute sharper. Compete smarter. Be a force for good. Never stop raising the bar. ELEVATE. Game on. 🎾🔥

🚨 Agentic AI, shadow agents, and autonomous attack surfaces: This is the February edition of our Code Purple newsletter. 🚨 In this issue, we break down the latest in AI-driven cybersecurity so you can stay informed — and stay ahead: 🕵️ OneClaw: Discovering and mapping Shadow AI across your enterprise 🛡️ ClawSec: Hardening OpenClaw agents against supply chain attacks and prompt injection 🌐 175,000 Exposed LLM Hosts: How unmanaged AI infrastructure is reshaping risk 🤖 When AI Acts Like a User: Securing agents that execute code, call APIs, and move data 📊 Unified Agentic Defense: Top marks for SentinelOne’s AI Security Platform AI isn’t just assisting anymore — it’s acting. Read the full newsletter and stay ahead of the curve in cybersecurity. 📩

Is AI a cyber disruptor or cyber opportunity? 🤔 Our CEO Tomer Weingarten joined CNBC’s Seema M. and Kelly Evans to break down the hype vs. reality when it comes to LLMs and their potential to disrupt subsectors of the security market. 📺 Watch the clip below to hear Tomer's full take on stopping next-gen threats: https://cnb.cx/4qZh8W6

What happens when a nation-state actor or cybercriminal already has the keys? 🔐 Today, threat actors aren't only breaking in at the authentication layer—they’re logging in with valid access across browsers, endpoints, AI tools, and automated workloads. Add autonomous AI agents to the mix, and this fundamental problem of authorizing trust instantly multiplies. SentinelOne’s unique approach is designed to stop identity attacks by following a single core principle: authorization alone is not sufficient. Access must be continuously validated and, when necessary, withdrawn at runtime across endpoints, browsers, and AI workflows. Introducing our new Singularity™ Identity Portfolio, delivering: - Singularity Identity: Context for who (or what) is acting - Prompt Security: Surfacing misuse in browsers and AI tools - Singularity Endpoint: Validating behavior at the system level Together, these innovations deliver the behavioral intelligence and autonomous containment required to defend against modern identity attacks. 🔗 Learn more in the blog: https://s1.ai/Idntty-Bl 🔗 Read the press release: https://s1.ai/Idntty-PR

In FY27 we’re setting a new bar for ourselves, our customers and our partners: ELEVATE ⬆️ On day 1 of our SKO our team is dialed into our mission of providing defenders with the ultimate security advantage ✨ When humans alone can’t outpace the threat, our cybersecurity market needs AI security that is autonomous, intelligent, and unified. Our opportunity is boundless, our focus is relentless and our AI security platform is unmatched. Lets go 🚀

🚨 Recognized as a leader in Unified Agentic Defense — delivering AI security across the entire AI lifecycle. SentinelOne has been recognized by Software Analyst Cyber Research (SACR) as a leader in its inaugural Unified Agentic Defense Platforms Majestic Technoscope — earning top marks for both strategic vision and delivery of complete AI Security. Why it matters: - A leader in Unified Agentic Defense - Securing the entire AI lifecycle — Security for AI + AI-enabled Security - One AI-native platform across infrastructure, data, runtime, and users - Faster remediation. Less tool sprawl. Deeper visibility. - A modern replacement for legacy SIEM and disconnected point solutions From agentic AI powered agents in security operations that autonomously identify and defend against threats at machine speed, to enabling safe and responsible use of AI applications in development and in the enterprise - we provide CISO’s with capabilities to empower SOC teams and enable their organisations to innovate and work at speed, with safety. The future of security is agentic. We’ve been building to this moment from day one. 👉 Read the full report: https://s1.ai/SACR-report

“Human connection matters more than any label ever will.” For SentinelOne's Sr. Solutions Engineer, Yann LOUNGUIDY, leadership starts with people. His career in cybersecurity leans into problem-solving, consistency, and building genuine relationships. Born and raised in France, Yann was often the only Black voice in the room — a responsibility he has embraced by using his perspective to drive inclusion and progress. This mindset extends beyond his work. As a father of two, with deep roots to his Caribbean heritage, Yann is intentional about raising culturally aware children, using travel across Southeast Asia as a way to teach openness, resilience, and pride. “Real progress happens when we look beyond labels and see people for their capabilities, curiosity, and shared humanity — at work and beyond.”

Shadow AI isn't a buzzword—it's likely already on your network. Do you know who (or what) is running OpenClaw and other AI assistants in your enterprise environment right now? Introducing OneClaw by Prompt Security: The first lightweight discovery and observability tool designed to give you comprehensive visibility into agent deployment sprawl. We aren't here to slow down innovation—OneClaw is strictly illumination. It observes the "Shadow AI" in your network by:  🔹 Detecting autonomous execution modes & approval bypasses  🔹 Mapping outbound browser activity and data exposure paths  🔹 Centralizing reports across all employees into one dashboard Move from reactive firefighting to proactive governance. See the agents. Secure the sprawl. 🔗 https://s1.ai/OneClw-Disc 📅 Launching Wednesday, Feb 18