🔥 🟣 Purple AI is here and now generally available! To learn more about the industry’s leading AI security analyst, watch the video below. 👉 Ready to transform your security operations? Get a demo: sentinelone.com/platform/pur…

Law enforcement dismantled a major crypto laundering empire, a PRC-linked botnet targeted U.S. military infrastructure, and a self-replicating worm infected major open-source repositories. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Europol dismantled the AudiA6 cryptocurrency laundering network, arresting two senior administrators and seizing vast digital assets. - The joint operation disrupted an industrial-scale infrastructure that laundered over $380 million for global ransomware syndicates. - The FBI seized 13 fraudulent websites used by Chinese intelligence operatives to recruit U.S. citizens holding sensitive government security clearance. ⚠️ BAD - The VOlt Typhoon-linked JDY botnet expanded its global footprint to over 1,500 compromised SOHO and IoT devices. - Operators are weaponizing the network to conduct stealthy distributed scanning and fingerprinting against U.S. military infrastructure. - The malware executes exceptionally fast SYN scanning using custom-crafted TCP packets to rapidly locate vulnerable edge devices. 🤢 UGLY - The Miasma supply chain worm recently compromised 73 Microsoft GitHub repositories to automatically trigger malicious code execution in developer environments. - Attackers evolved the campaign into the Hades variant, poisoning 19 PyPI packages with hidden setup files that execute silently during Python startup. - The malware deploys heavily obfuscated credential stealers and incorporates novel plain-text prompt injections to deceive LLM-based package analysis tools. Full breakdown → s1.ai/GBU9-Wk24

Another big win for SentinelOne customers looking to embrace and derisk Claude usage in the workplace. SentinelOne integrates directly with the Claude Compliance API, bringing AI activity into the security platform your teams already trust: → Prompt Security — Real-time policy enforcement on prompts and responses. Agentless. Works on both managed and unmanaged devices. → Singularity AI SIEM — Claude activity ingested as native telemetry, correlated against your full security picture. AI interactions no longer live in a silo. Security should move at the speed of AI. Now it can. 🔗 s1.ai/Claude-API

In the final video from our @labscon_io 2025 Replay series, @juanandres_gs argues that the experimental era of cybersecurity is ending. Years of piling complexity onto non-standardized software stacks have produced systems that have left security unsteerable and costly to human-only management. What changed the entire equation is the rise of large language models. JAGS describes them as a new source of cheap, effectively unlimited evaluative power, a "lossy compression of human knowledge." Used well, that kind of mechanized intelligence gives defenders a scalable way to assess, prioritize, and act. It also lowers the cost of analysis and changes how defensive work can be done at scale. This argument shapes JAG-S' broader point about how security should evolve. Drawing on cybernetics, he urges the industry to move beyond purely adversarial, agonistic design and toward systems where human expertise and artificial evaluative power work together to produce better outcomes. The blueprint is to build in, not bolt on. Rather than defending old product categories or familiar workflows, it’s time for a more standardized, automated, and sustainable future. Watch the keynote: s1.ai/LC25-JAGS

OneCon26 isn't most security conferences. We're opening the stage to the people actually doing the work — the ones shipping detections late at night., the researchers tearing apart novel malware, the defenders who fought an AI-driven attack in real time and lived to victoriously write the runbook. If you've built something that worked when it shouldn't have, broken something that everyone said was unbreakable, or seen a pattern nobody else is naming yet, that's the talk we want. Not theory. Not roadmap slides. The work, as it actually happened. Submissions close July 2, 2026. Analysts, architects, defenders — pitch us your sharpest idea. The agenda starts with you. → Apply to Speak: s1.ai/OneCon26-CFC

$100K. One world title. 400 flags pulled from live attack campaigns. Your move. The Threat Hunting World Championship 2026 opened June 2. Compete against threat hunters around the world in brand-new 30-minute capture-the-flag rounds. The Top 200 players per region will advance to the September Regional Finals. Three regional champs earn an all-expenses-paid trip to OneCon26 in Vegas to compete live for the world title. With a charity donation made in their names. $100K pool. Every round pays. Compete from your seat. Enter now and start earning your rank today. → lnkd.in/gScPJbqX

Law enforcement dismantled massive cryptocurrency fraud rings, a Chinese cybercrime group expanded its global phishing footprint, and attackers exploited a critical authentication bypass in Palo Alto VPN portals. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Spanish National Police arrested a suspect connected to a massive data leak exposing sensitive government employee information. - The U.S. Treasury officially sanctioned Iran's largest cryptocurrency exchange, Nobitex, for facilitating ransomware payments. - The DoJ disrupted widespread transnational cryptocurrency investment fraud networks across Southeast Asia, freezing $3.8 million in stolen digital assets. ⚠️ BAD - China-linked threat actor TA4922 is aggressively expanding its financially-motivated phishing campaigns into Europe and South America. - Attackers shift victim communications to out-of-band channels like WhatsApp and Teams to bypass enterprise security controls. - The group uses DLL side-loading to deploy advanced remote access trojans and secondary executables to harvest sensitive corporate data. 🤢 UGLY - Palo Alto Networks confirmed that threat actors are actively exploiting a critical authentication bypass vulnerability in GlobalProtect VPN portals. - Attackers retrieve public keys via standard HTTPS sessions to generate forged authentication cookies, frequently targeting local administrator accounts. - CISA added the flaw to its Known Exploited Vulnerabilities catalog as attackers successfully secured full VPN IP assignments to access internal networks. Full breakdown → s1.ai/GBU9-Wk23

Five years ago, @labscon_io started as an ambitious experiment. Could we build a brand-new conference centered entirely on original security research? Could we create a venue where the work spoke louder than the marketing, where researchers challenged assumptions, shared discoveries, and pushed the industry forward? The answer has been an emphatic yes. As we prepare for LABScon 2026, we're excited to announce that this will be the final edition of LABScon. If we're going to close this chapter, we're going to do it the only way we know how: by putting together the strongest program we've ever had. This year, we're looking for the work that will define what's next. The boldest ideas, the uncomfortable findings, the research that changes how we think about this unknown era that’s upon us. The final LABScon CFP is open now and closes June 19. To everyone who has spoken, attended, sponsored, volunteered, debated, argued, collaborated, and helped make LABScon what it became, thank you. What started as a conference became a real community, and we're incredibly proud of what we built together. Every project has a lifecycle. We're ending this one on our terms, at its peak, with gratitude for everything it accomplished and excitement for what comes next ;) See you in Phoenix! Submit at labscon.io

The market is moving from detections and alerts to autonomously anticipating and stopping threats. SentinelOne just earned Latio's inaugural SOC Platform Leader designation—validation that we're one of very few vendors with the architecture to make that shift real. Learn more about the recognition→ s1.ai/Latio-PR Register for the webinar → s1.ai/Latio-Web Why it matters: SOC transformation projects fail when teams bolt automation onto fragmented tools. You can't automate your way out of point solutions. The machine runs faster, but so does the noise. True transformation requires rebuilding the foundation. That's rare. What's new: Latio recognized SentinelOne as a SOC Platform Leader because our architecture is fundamentally different—not bolted-together point solutions, but one unified data plane, one AI analyst (Purple AI) running cross-domain investigations from endpoint to cloud to identity. The outcome: your team finds threats faster. What makes transformation real: - Unified architecture removes integration debt and vendor finger-pointing—cross-domain investigations run at machine speed - Purple AI operationalizes triage, hunting, and escalation natively, learning from your data across endpoints, cloud, and identity - Singularity AI Data Pipelines embeds pre-ingestion normalization and enrichment—signal reaches your decision loop, not noise

New Signals & Stories episode with @TomHegel from @SentinelOne and @invisig0th from The Vertex Project. We discuss: 🔹DPRK IT workers posing as job applicants 🔹Cross-functional intelligence sharing 🔹AI in CTI 🔹And more! Really fun conversation on where CTI is headed. #CyberSecurity #CTI #ThreatIntelligence hubs.la/Q04jJT3j0

Law enforcement took down a Russian-linked hosting network, a ransomware group escalated to dispatching physical operatives for data extortion, and a massive supply chain campaign targets developer environments and AI tools. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - Dutch authorities dismantled Stark Industries, seizing 800 servers used to enable pro-Russian DDoS and disinformation campaigns. - A Romanian hacker received a 56-month federal prison sentence for breaching the Oregon state government network and stealing PII. ⚠️ BAD - The FBI warns that Silent Ransom Group is targeting U.S. legal and financial institutions with in-person data extortion schemes. - Attackers use typosquatted helpdesk domains, and if remote access fails, deliberately dispatch physical operatives to manually insert USBs into company computers. - The attackers then harass employees and clients by phone to force financial negotiations under the threat of leaking proprietary data. 🤢 UGLY - Security researchers uncovered TrapDoor, a massive supply chain attack spreading credential-stealing malware across npm, PyPI, and Crates.io. - The campaign leverages registry-specific execution methods to harvest sensitive developer secrets, cloud credentials, and cryptocurrency wallets. - Threat actors uniquely implant poisoned files designed to trick AI coding assistants into autonomously executing malicious security scans. Full breakdown → s1.ai/GBU9-Wk22

From day one, SentinelOne was architected to stop novel, machine-speed threats. We were purpose built to be a Leader in the AI era. For the sixth consecutive year, Gartner has named SentinelOne a Leader in the Gartner® Magic Quadrant™ for Endpoint Protection. What's driving the recognition: ✅ Autonomous detection and response at machine speed ✅ Unified visibility across endpoint, identity, cloud, and AI ✅ AI usage control through the Prompt Security acquisition ✅ AI-native from day one — not retrofitted 📖 Read the full report: s1.ai/GrtnrMQ26

~50% of SentinelOne's ARR now comes from emerging solutions. That's what platform expansion looks like. This quarter, our emerging solutions — AI, Data, Cloud, and more — reached half of our total ARR, alongside record net new ARR growth and the launch of Purple AI Auto-Investigations. 📈 Q1 FY2027 highlights: $1.163B ARR — 23% YoY $277M Revenue — 21% YoY Record net new ARR growth 4% Operating Margin (non-GAAP) — ~550 bps improvement YoY 22% Adjusted FCF Margin (non-GAAP) — ~230 bps improvement YoY $0.04 EPS (non-GAAP) — 83% YoY ~50% of ARR from Emerging Solutions Securing modern enterprises requires machine-speed defense — and infrastructure built for what's next, not retrofitted for it. Thank you to our customers, partners, and Sentinels. 🔗 Read the press release: s1.ai/Q1-27-PR 🎧 Listen to the call: s1.ai/Q1-27-Ern

From day one, SentinelOne was architected to stop novel, machine-speed threats. We were purpose built to be a Leader in the AI era. For the sixth consecutive year, Gartner has named SentinelOne a Leader in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Autonomous detection. Machine-speed response. Built for this moment. 📖 Read the report: s1.ai/GartnerMQ-2026

Law enforcement took down cybercrime operations and attacker-controlled VPNs, a multi-brand spoofing macOS infostealer slips past OS mitigations, and Microsoft Defender faces zero-day exploits. This is the Good, Bad & Ugly. ⬇️ ✅ GOOD - INTERPOL coordinates 201 arrests across the MENA region in a massive cybercrime sweep. - Ukraine identifies an infostealer operator behind 28,000 stolen credentials. - International police seize a dedicated commercial VPN provider used explicitly for ransomware exfiltration. ⚠️ BAD - SentinelOne identifies "SHub Reaper," a new macOS stealer variant that impersonates Apple, Google, and Microsoft in a single attack chain. - Bypasses Apple's new Terminal security mitigations by abusing the native AppleScript URL handler. Acts as both a smash-and-grab credential thief and a persistent backdoor for remote access. 🤢 UGLY - Microsoft warns that attackers are actively exploiting two new Windows Defender zero-day vulnerabilities in the wild. - Security flaws (CVE-2026-41091 & CVE-2026-45498) allow privilege escalation to SYSTEM level and DoS on core endpoint engines. - CISA sounds the alarm, ordering federal agencies to secure all Windows endpoints urgently. Full breakdown → s1.ai/GBU9-Wk21

Turn blind trust into verified control with @prompt_security for Agentic AI. AI agents use trusted workflows and permissions to bypass traditional security. They act and execute. They hold credentials. Call APIs. Modify data. Chain actions across business-critical systems, at machine speed, without per-step human approval. Every agent in your environment is a non-human identity reasoning, deciding, and executing on your behalf. Most security teams can't tell you how many are running right now. That's the gap. And it's why we built Prompt for Agentic AI Security, SentinelOne's real-time discovery and governance control plane for the agentic layer. It surfaces every agent and MCP server across your environment (sanctioned or shadow). It maps what each one can reach, what it can do, and what permissions it holds. It scores risk dynamically. It enforces least privilege before unauthorized action chains can fire. And it gives you a full audit trail of every decision an agent made and every system it touched. Security shouldn’t be the reason your organization can't adopt agents. It should empower you to adopt them with confidence. Learn more: bit.ly/4nO5NIE

Industry-leading runtime protection, activated in one click in the AWS console. SentinelOne's Singularity Platform is now available through @awscloud Security Hub Extended. AI-powered endpoint protection, deployable in minutes from the AWS console customers already use. Turn on SentinelOne’s endpoint and detection and response (EDR), and cloud workload security with a single click. Deploy it seamlessly across their environment, and manage it alongside their broader AWS security signals all in one place. Use the AWS budgets and commitments you already have. One contract. One bill. No new procurement cycle. Security procurement simplified. Coverage complete. As Melissa K. Smith, our SVP of Global Strategic Partnerships, put it, "We're removing friction so teams can get to protection faster." Available now in all commercial AWS regions → s1.ai/AWS-HbExt