🚦 Global Law Enforcement Arrest Extortionist, Phobos Affiliate & Financial Scammers, Actors Target Protest Supporters in Iran, and Infostealers Exfiltrate OpenClaw’s Operational Secrets 🚦

This is the week in cyber. This is SentinelOne’s Good, Bad & Ugly cyber news roundup. ⬇️

✅ GOOD: Global Law Enforcement Agencies Take In Data Extortionist, Phobos RaaS Affiliate & Financial Scammers
• A Dutch man was arrested for downloading misdirected confidential documents and attempting to extort authorities by refusing to delete them.
• Polish authorities detained a suspect linked to the Phobos ransomware group, seizing stolen credentials and infrastructure access as part of Europol’s “Operation Aether”.
• Interpol-led Operation Red Card 2.0 coordinated across 16 African countries, arrested 651 suspects, recovered $4.3 million, and dismantled widespread fraud networks exploiting investment and mobile money scams.

⚠️ BAD: CRESCENTHARVEST Actors Target Protest Supporters In New Espionage Campaign
• A new “CRESCENTHARVEST” campaign targets Farsi-speaking supporters of Iran’s protests, using protest-themed lures and malicious archives to deploy malware for long-term surveillance and data theft.
• The malware functions as a RAT and information stealer, capturing credentials, keystrokes, and system data while blending C2 communications into normal traffic, suggesting state-aligned, politically motivated espionage.

🤢 UGLY: Infostealers Exfiltrate OpenClaw AI Assistant’s Operational Secrets
• OpenClaw’s agentic AI framework creates a new security risk as malware can exfiltrate its configuration, memory, and authentication files, allowing attackers to hijack autonomous agents’ identities and capabilities.
• Broad file-harvesting malware can enable full takeover of the assistant, prompting Prompt Security’s ClawSec and OneClaw tools to provide visibility, control, and protection for AI assistants before they can be exploited.
🔒 Follow us for weekly GBU with practical defenses leaders can act on: https://s1.ai/GBU9-Wk8
SentinelOne
Computer and Network Security
Mountain View, California 386,359 followers
The world’s most advanced, autonomous AI-powered cybersecurity platform
About us
SentinelOne is the world's leading AI-powered cybersecurity platform. The SentinelOne Singularity platform, built on the first unified Data Lake, is revolutionizing security operations, with AI, solving use cases across Endpoint Protection, SIEM, Cloud Security, Identity Threat Detection and 24x7 Managed Threat Services. SentinelOne empowers the world to run securely by creating intelligent, data-driven systems that think for themselves, stay ahead of complexity and risk, and evolve on their own. Leading organizations—including Fortune 10, Fortune 500, and Global 2000 companies, as well as prominent governments – trust SentinelOne to Secure Tomorrow™. Learn more at sentinelone.com.

We are recognized in leading 3rd party forums such as:
- Gartner Endpoint Protection Magic Quadrant as a Leader 2021, 2022, 2023, 2024, 2025
- Gartner Peer Insights Customer Choice for Endpoint Protection
- Gartner Peer Insights Customer Choice Managed Detection & Response
- Gartner Peer Insights Customer Choice Cloud-Native Application Protection Platform (CNAPP)
- G2 #1 Ranked Cloud Workload Protection Platform
- Mitre ATT&CK 100% Detections, No Delays 2020, 2021, 2022, 2023, 2024
- Mitre Managed Services 100% Major Step Detections
- Fortune Fifty 2024
- Deloitte Fast 500; 2019, 2020, 2021, 2022, 2023, 2024
- CRN Cloud & Security 100
- CRN Most Influential CEO's
- CRN Top 10 Coolest GenAI Products, PurpleAI

To learn more about our products and services, please visit our website at sentinelone.com to schedule a demo
- Website: http://www.sentinelone.com
- Industry: Computer and Network Security
- Company size: 1,001-5,000 employees
- Headquarters: Mountain View, California
- Type: Public Company
- Founded: 2013
- Specialties: next-generation endpoint protection, endpoint detection & response, threat and malware prevention, exploit prevention, cybersecurity, threat intelligence, antivirus, endpoint security, cyberthreats, artificial intelligence, epp, edr, Endpoint protection platform, Threat hunting, information security, macOS Security, Linux Security, Windows Security, Ransomware, cybercrime, infosec, SecOps, databreach, cloudsecurity, CNAPP, SOC, securityoperations, threat hunting, and incident response
Locations
- Primary: 444 Castro St, Suite 400, Mountain View, California 94041, US
Updates
“Human connection matters more than any label ever will.” For SentinelOne's Sr. Solutions Engineer, Yann LOUNGUIDY, leadership starts with people. His career in cybersecurity leans into problem-solving, consistency, and building genuine relationships. Born and raised in France, Yann was often the only Black voice in the room — a responsibility he has embraced by using his perspective to drive inclusion and progress. This mindset extends beyond his work. As a father of two, with deep roots to his Caribbean heritage, Yann is intentional about raising culturally aware children, using travel across Southeast Asia as a way to teach openness, resilience, and pride. “Real progress happens when we look beyond labels and see people for their capabilities, curiosity, and shared humanity — at work and beyond.”
Shadow AI isn't a buzzword—it's likely already on your network. Do you know who (or what) is running OpenClaw and other AI assistants in your enterprise environment right now?

Introducing OneClaw by Prompt Security: The first lightweight discovery and observability tool designed to give you comprehensive visibility into agent deployment sprawl. We aren't here to slow down innovation—OneClaw is strictly illumination. It observes the "Shadow AI" in your network by:
🔹 Detecting autonomous execution modes & approval bypasses
🔹 Mapping outbound browser activity and data exposure paths
🔹 Centralizing reports across all employees into one dashboard

Move from reactive firefighting to proactive governance. See the agents. Secure the sprawl.
🔗 https://s1.ai/OneClw-Disc
📅 Launching Wednesday, Feb 18
Shadow AI isn’t just about unsanctioned chatbots anymore. Agentic tools like OpenClaw can execute code, spawn processes, call external APIs, and operate with the same privileges as the user running them. That fundamentally changes the security model. Traditional controls are still necessary — but they weren’t built to govern autonomous execution. They can’t see what’s happening inside the prompt, the model, or the agent runtime. We just released a comprehensive technical guide on securing the full AI lifecycle — from data to infrastructure to runtime. Don't let your AI assistants become insider threats. Secure the stack before the agents drift. Read the full breakdown: https://s1.ai/Shadow-Agnts
Everyone is studying ways to protect AI from data poisoning or prompt injections. But what happens when hackers target the AI controlling a robotaxi or a warehouse robot? 🤖🚗 "The models underpinning self-driving cars, humanoids and other physical applications of AI are about to become prime targets for hackers," warns Tomer Weingarten. In an exclusive interview with Axios’s Sam Sabin, Tomer describes how over the next year AI will become a cyber-physical attack surface. He warns that few people outside the security industry are ready for a world where autonomous vehicles are hijacked or warehouse robots are tricked into rerouting merchandise. It’s time to shift our thinking from protecting digital networks to securing intelligent systems from multimodal threats. Read the full writeup: https://s1.ai/Axs-PhyAI
🚦 Identity Theft Scammers Charged, Crypto Scam King Sentenced, MFA Tool Sellers Arrested, Gemini AI Misuse in Attacks, and UNC3886 Targets Singaporean Telcos 🚦

This is the week in cyber. This is SentinelOne’s Good, Bad & Ugly cyber news roundup. ⬇️

✅ GOOD: Major criminal networks disrupted and fraud facilitators taken offline
• Two men from Glastonbury, Connecticut were charged with defrauding FanDuel and other online gambling platforms using thousands of stolen identities — an extensive scam tied to coordinated identity theft and high-volume abuse of digital services.
• A man was sentenced to 20 years in prison for his role in a $73 million global cryptocurrency investment and romance baiting scam, one of the most significant crypto fraud sentences to date.
• Police in Europe arrested a seller of JokerOTP, a tool designed to capture multi-factor authentication passcodes, cutting off access to a key credential-harvesting component used by threat actors.

⚠️ BAD: Attackers misuse Google’s Gemini AI across attack stages
• GTIG reports that state-backed hackers are abusing Gemini and other AI models to support all stages of cyberattacks — from reconnaissance and social engineering to crafting malware and automating payload delivery.
• The research highlights how adversaries are lowering the barrier to attack by using AI for creative tasks previously done manually.

🤢 UGLY: China-linked UNC3886 targets Singapore with long-term intrusion campaigns
• A China-linked threat cluster tracked as UNC3886 has been observed in targeted campaigns against Singaporean telecommunication giants, leveraging bespoke backdoors and persistent access mechanisms to maintain long dwell times in victim environments.

🔒 Follow us for weekly GBU with practical defenses leaders can act on: https://s1.ai/GBU9-Wk7
Data Sovereignty. Aging Infrastructure. The simultaneous hope and threat of AI. These are the defining fault lines for the future of European and global security. At the Munich Cyber Security Conference, one of the continent’s most important forums for digital defense, our CEO Tomer Weingarten joined Akamai’s Tom Leighton to discuss this complex landscape. The consensus? You cannot build the future on a fragile foundation. Conversations like this are a vital part of how we secure innovation—without compromising sovereignty. 🛡️
“Your path doesn’t have to make sense to anyone else but you.” SentinelOne’s Sr. Solutions Engineer, Wadson Fleurigene CISSP, CISM, OSCP.’s career journey proves that leadership isn’t about following a straight line — it’s about staying true to your purpose. Starting out in law enforcement before transitioning to cybersecurity, Wadson pillared his career on service, curiosity, and integrity. His early professional experiences shaped how he leads today: with empathy, adaptability, and a deep respect for trust. For Wadson, success comes from solving hard problems and deeply investing in people. “Progress happens when opportunity is shared and the next generation is empowered to lead. I’m committed to giving back by mentoring others and creating space for real conversations that drive change.”
Guardian Spotlight: South Texas College 🎉 🇺🇸

This month, we’re proud to spotlight South Texas College, a member of our SentinelOne Guardians Program. South Texas College partnered with SentinelOne to protect their 34,000 students, sharing their real-world experience securing their organization and highlighting their success.

Key results:
➡️ 80% fewer service tickets to triage
➡️ Per incident resolution time down from a full day to 30 mins
➡️ 20-30 hours of work a week reclaimed across the team

Check out their full story here: https://lnkd.in/gZ-iafu8

Thank you for being a trusted voice in the cybersecurity community 💜