Vasu Murthy

Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP

6

1 Comment

Since Anthropic’s announcement, I’ve noticed two kinds of voices... The first: the self-proclaimed "AI experts." Confident. Certain. Ready to explain to everyone who asks how everything we know is dead, the Software Supply Chain is changing, and the old rules no longer apply. The second: the people who are genuinely trying to understand. Not rushing to declare the future, adopt the new era with excitement, but still asking thoughtful questions about where this is really going. In just 10 days, the conversation has shifted dramatically. From Elon Musk’s tweet about binaries, to Anthropic’s announcements, to Yoav Landman’s blog, to Jensen Huang’s interview a few days ago - it feels like the ground moved beneath our feet. The shift isn’t incremental, it’s tectonic! So instead of speculating, I want to bring this down to my level. No hype. No drama. Just facts. What are we actually seeing? What is truly changing (or not)? And what should we realistically expect as this wave builds - as the surge accelerates - as the “tsunami of binaries” approaches...

368

2 Comments

With the Tsunami coming, ride the wave of AI. Don't panic, don't crush on it , decisions and governance should be calm and calculated to protect and manage what's matter - your binaries

8

Qualys has introduced powerful new VMDR features to simplify risk management and executive reporting. Security teams can now link vulnerabilities to business context, define risk tolerances, and track KPIs over time - all within a single platform. These capabilities help CISOs communicate security posture clearly and drive better decision-making. At CogSecurity, we specialise in helping businesses maximise their Qualys investments, ensuring robust security postures against evolving threats. Contact us today for expert guidance on strengthening your defences.

2

Enterprise security teams spend millions on tools, yet most of that budget goes toward keeping up — not getting ahead. The result? - Limited coverage - Duplicate findings - Endless triage MindFort’s agents give you more coverage for less effort. Instead of drowning in noise, you get validated results, prioritized by impact. The outcome: higher ROI, lower burnout, and a team that can focus on what really matters. MindFort AI (YC X25)

13

1 Comment

Holy big acquisitions! Palo Alto Networks acquires CyberArk for a cool $25B. Nikesh Arora and Udi Mokady join Jim Cramer on Mad Money to discuss why he needed to make this move, Arora stated, "I've always paid attention to markets when they inflect, because inflection points create the opportunity for us to enter markets and provide our customers differentiated services. And I believe with the #AI wave we're seeing all around us, with 88% of all ransomware attacks driven by credential theft, identity is an unsolved problem" https://lnkd.in/gE3kbYXC Brenna Karr, Nicole Hockin, Ashley Vandiver, Mike R., Sharon Vaughan

97

1 Comment

Have you heard of the llm-d project? It improves LLM performance and drives down costs of inference serving on Kubernetes. It's based around a few key projects including vLLM and kgateway. If you want a deep dive into how it works with a detailed step-by-step "packet flow" through llmd, take a look at this blog I wrote recently. 👉 https://lnkd.in/g2mbEh3m

44

3 Comments

We’re proud to see our case study with FileCloud go live and highlight how Avatara simplifies secure data storage and collaboration for organizations. In today’s digital landscape, data sits at the center of modern business. It’s an organization’s most valuable asset and the foundation around which daily operations revolve. Yet as data spreads across shared platforms and disconnected tools, many businesses are losing visibility and control over where their data lives, who has access to it, and how it’s being used or shared. This data sprawl creates significant challenges around governance, security, and compliance, particularly for organizations operating in regulated or security focused environments. By combining FileCloud’s file and collaboration technology with the Avatara Platform, we bring governance, clarity, and control back to businesses. Data resides in a fully managed, private environment, giving organizations the ability to maintain consistent security controls, manage access, and confidently meet compliance requirements. The result is a simpler, more secure approach to data management that reduces sprawl, strengthens governance, and enables collaboration without sacrificing control. If you’re interested, take a look at the case study to see how this comes together in practice.

19

If you missed it at .conf25, our packed “Observability for Gen AI” session showed how to build a RAG app and treat it like any production service: observable, measurable, and tunable. See how Splunk Observability Cloud gives teams the visibility they need to monitor LLM performance and cost. https://bit.ly/4t4Hs3y

2

Stop switching tabs. Start shipping verified artifacts. JFrog is officially live on the Cursor Marketplace! You can now bring JFrog’s #SoftwareSupplyChain security directly into your AI-native IDE. Ask Cursor to check for vulnerabilities, and it will use JFrog's verified security data to analyze your code and recommend precise remediation. 🛠️ Install now: https://lnkd.in/gUZUP-2d #CursorAI #DevSecOps #AI

130

Meet Keygraph from our PearX S25 cohort 🚀 Founder Varun Sivamani saw too many security teams juggling too many tools, from identity management and device management to application security and compliance. This result is complexity and busywork instead of real security.  Keygraph is simplifying all of it. It’s an AI-native security and compliance platform that unifies the security stack around the identity and device graph. Excited to see Varun build the single platform for compliance, identity, device management, and compliance.

43

6 Comments

Salt Security is partnering with Wiz to unify API and cloud security for better risk management. APIs are the backbone of modern apps—but they also represent one of today’s most vulnerable and dynamic attack surfaces. Salt’s API threat intelligence now feeds directly into Wiz’s security graph, helping teams to discover shadow/zombie APIs and toxic combinations, correlate API behavior with cloud infrastructure risks, automate incident creation and response workflows, and strengthen compliance and posture governance. For MSSPs and partners, it’s a win: one integration, broader visibility, faster response—and a stronger security narrative for clients. Read more here: https://lnkd.in/eXZ4euSp Salt Security Wiz #CloudSecurity #APIsecurity #MSSP #RiskManagement #Cybersecurity #ChannelPartners #SaltSecurity #Wiz #Integration #SecurityPosture #Automation #ShadowAPI

9

In this conversation with Cribl's Przemek Papliński, Kishore Korathaluri, and Bill Chung, get an inside look at how Cribl’s own SRE team migrated from a self-hosted Stream environment to Cribl.Cloud. They share what motivated the move, the challenges they faced along the way, and how switching from OpenSearch to Cribl Search improved performance and usability: https://gag.gl/QRNGgH

1

Israeli M&A is running at an unprecedented pace in 2026 and the underlaying reason is really interesting. Wiz and CyberArk both cleared regulatory approval on deals announced last year. That's two megadeals closing on the same day. Beyond the massive headlines, the baseline activity in 2026 caught my attention. The numbers so far (as of Feb 11): → 13 disclosed acquisitions in 42 days → $4.2B of M&A capital → 2.2 deals per week This amounts to $100M of #liquidity returning to investors every day! What other ecosystem provides $100M of liquidity per day on average since the beginning of 2026? If this pace holds, we're looking at ~113 M&As by year-end and close to $37B in disclosed value. This is excluding the just approved megadeals and excluding the unannounced rounds (which probably add $3-20m each). What's driving this? AI is the obvious answer. 10 of 13 deals are AI-centric companies. But I think there's something deeper happening: - Acquirers are paying premium multiples to compress time-to-AI-capability rather than build internally. - Israeli startups are shipping production-level AI, not demos. That's the arbitrage. - Speed > cost in this market cycle. Meanwhile, startup creation is on the rise (we predicted this in our stealth report ~12-months ago). It seems the industry will continue producing sellable companies at an increasing rate. This year is poised to be very interesting 😇

21

1 Comment

Ron Okopnik from Pentera Labs built on Wiz’s IngressNightmare research and discovered three previously undocumented injection points in Kubernetes’ ingress-nginx controller. These vectors go beyond the original four CVEs and give attackers the ability to bypass security controls, execute arbitrary code, and pivot deeper into Kubernetes clusters. Security teams need to think like attackers. This research helps them do exactly that. 👉 𝗥𝗲𝗮𝗱 𝗺𝗼𝗿𝗲 𝗼𝗻 𝗵𝗼𝘄 𝘁𝗵𝗲𝘀𝗲 𝗿𝗶𝘀𝗸𝘀 𝘂𝗻𝗳𝗼𝗹𝗱 𝗮𝗻𝗱 𝘄𝗵𝗮𝘁 𝘁𝗵𝗲𝘆 𝗺𝗲𝗮𝗻 𝗳𝗼𝗿 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆: https://lnkd.in/dra7Ai-4 #Kubernetes #PenteraLabs #CloudSecurity

44

The Zafran Security team is redefining threat exposure management by turning AI and existing security controls into real-world risk reduction for enterprise security leaders.

20

Great insights from Cody Warhurst, Director of Identity and Access Management at Keurig Dr Pepper, who joined SailPoint at Navigate to discuss the fundamentals of identity security. Cody highlights the critical importance of lifecycle management—onboarding, offboarding, and change management—as the foundation for a successful identity security program. When done right, it helps ensure employees have the access they need from day one, boosting productivity and eliminating delays. Check out his full interview:

7