The Palo Alto Networks acquisition of CyberArk topped the news last week while NVIDIA was pressed by Chinese regulators to prove that backdoors aren’t built into its chips. And new research reveals shortcomings and opportunities in Application Security.
Palo Alto Networks Buys CyberArk, Bet on Platformization Stirs Doubts
Palo Alto Networks continued its buying streak, picking up CyberArk last week for $25 billion in cash and stock in a move meant to strengthen its cybersecurity posture, particularly in identity security as AI adoption soars. But the deal has drawn mixed reviews from Wall Street and cybersecurity pros, who have questioned Palo Alto’s all-in bet on platformization. The company’s stock has fallen 17 percent since the deal was announced last week.
China Presses NVIDIA on Rumored Backdoors
NVIDIA has recently found itself under the scrutiny of a Chinese cybersecurity regulatory authority, which wants assurances that there are no backdoor security risks in the hotter-than-hot company’s H20 AI chips, which were specially tailored for the Chinese market. The Cyberspace Administration of China has asked the chipmaker to produce documentation on the chips after the White House and Congress proposed that U.S. chipmakers include tracking and location capabilities in their chips to ensure they’re not being traded with countries banned under U.S. export laws.
West Point Cans Easterly at Army Secretary’s Behest
Just one day after West Point had announced former CISA Director Jen Easterly as the Robert F. McDermott Distinguished Chair in the social sciences department, the college rescinded the appointment at the direction of U.S. Army Secretary Dan Driscoll. Easterly, a Biden appointee whose responsibilities included securing the nation’s elections, had vigorously defended CISA in the face of unrelenting criticism from President Trump and had also drawn the ire of some Republican lawmakers. And she apparently had been called out on social media by right-wing activist Laura Loomer as a holdover from the previous administration standing in the way of Trump’s agenda.
SharePoint ToolShell Vulnerabilities May Have Been Leaked Through Microsoft Alert Tool
The Microsoft Active Protections Program (MAPP), the very tool meant to alert cybersecurity companies to vulnerabilities prior to disclosure, may have been the source of a set of leaked SharePoint vulnerabilities referred to as ToolShell, which were recently used by Chinese hackers against a legion of servers at government agencies. Microsoft is looking into whether one of the Chinese companies that signed up for MAPP is behind the leak.
As CISA Limps, the Private Sector Must Step In
Cybersecurity in defense of this nation depends on a strong public-private partnership and coordinated collaboration. But the systematic dismantling of CISA over the past six months has raised questions about whether the government is still a reliable partner. As DOGE trekked through government, indiscriminately chopping CISA personnel by 30 percent, and with a budget cut of 20 percent likely coming in 2026, responsibility for protecting the U.S. against cyberattack is naturally shifting to private sector companies and perhaps the states.
AppSec Delays Are Real, and Risky
Conventional wisdom says bugs are to blame for delayed product launches. But new data tells a different story: 60 percent of IT and security leaders say security issues are now more likely to cause delays than feature bugs. And it’s not just timelines at risk. Careers are on the line too. Nearly 80 percent of respondents to the 2025 State of Application Security Survey, conducted by TechStudio™, an Energize Marketing® company, and Cypress Data Defense, say they are concerned about losing their jobs in the aftermath of a breach.