Network Security

The latest announcements from OpenAI and Anthropic mark another important step forward for frontier AI. They also reinforce something we’ve believed at SentinelOne for years: the future of cybersecurity will be shaped by AI-native defense. SentinelOne has worked closely with frontier labs for years, including OpenAI, Anthropic, and Google DeepMind, and naturally continues to do […]

On April 9, 2026, cpuid.com was actively serving malware through its own official download button. Threat actors had compromised the CPUID domain at the API level and were silently redirecting legitimate download requests to attacker-controlled infrastructure. The attack ran for approximately 19 hours. Users who navigated directly to the official site received a legitimate, properly

The Good | DoJ Disrupts TP-Link Router Network Run by Russian Spy Org This week, authorities in the U.S. carried out Operation Masquerade, a court-authorized operation to disrupt a DNS hijacking network run by Russia’s GRU Unit 26165 (APT28). The network involved the compromise of thousands of TP-Link small home and small office routers, spread

In the first blog of this series, we explored the Identity Paradox and how attackers exploit valid credentials to operate undetected inside enterprise environments. However, identity compromise rarely happens in isolation. To understand how these attacks begin, we need to look earlier in the intrusion lifecycle at the place many organizations still assume is secure:

The Good | SentinelOne AI EDR Stops LiteLLM Supply Chain Attack in Real Time This week, SentinelOne demonstrated how autonomous, AI-driven endpoint protection can detect and stop sophisticated supply chain attacks in real time, without human intervention. On the same day the attack was launched, Singularity Platform identified and blocked a trojanized version of LiteLLM,

A guide to the suspected North Korean cyber attack—and how SentinelOne defends against it at machine speed On March 31, 2026, a North Korean state actor hijacked the npm credentials of the primary Axios maintainer and published two backdoored releases that deployed a cross-platform remote access trojan (RAT) to Windows, macOS, and Linux systems. Axios

For decades, attackers have favored one intrusion method over all others: compromise the identity. Long before ransomware crews industrialized extortion and modern malware ecosystems matured, adversaries understood a simple truth. If you can access a legitimate account, you can bypass most security controls and operate inside a network with the same privileges as the user

Across organizations, AI adoption is accelerating. Tools are being deployed, workflows are being restructured, and headcount decisions are being made against the assumption that AI will absorb the analytical load. Most leaders doing this work believe they are being careful because the technology keeps reminding them it isn’t ready yet. This is a dangerous phase

Host-based Behavioral Autonomous AI Detection is by far the most effective way to generically see, and stop both Human and/or machine-speed AI Agent based rogue or malicious activities. On March 24, 2026, SentinelOne’s autonomous detection caught what manual workflows never could have: a trojaned version of LiteLLM, one of the most widely used proxy layers

The Good | U.S. Jails Ransomware Actors, Extradites Alleged RedLine Operator The DoJ has given Russian national, Aleksey Volkov, almost seven years in person and ordered him to pay full restitution for acting as an initial access broker in Yanluowang ransomware attacks. Between 2021 and 2022, he breached multiple U.S. organizations and sold network access