General Industry Update

In a recent revelation that sent shockwaves through the cybersecurity community in April, a German software developer employed by Microsoft accidentally discovered deliberate sabotage in the latest version of the critical open-source program, XZ Utils. Open-source software like XZ Utils underpins much of the internet, as such programs are free, offering transparency and flexibility for programmers. This sabotage, if undetected, could have provided hackers unauthorized access to countless servers across the internet, opening them to ransomware and other forms of cyberattack.

Security analysts emphasize that the fortuitousness of this detection (discovered, as it was, before widespread deployment) averted a potential cybersecurity catastrophe. This near-miss has served as a critical wake-up call to the vulnerability of open-source software.

The incident underscores the challenges faced by open-source projects, which are often sustained by a small cohort of unpaid volunteers amidst mounting demands for enhancements and patches. Such was the case with XZ Utils, which is primarily maintained by a single individual, and which was sabotaged when a volunteer developer was brought on board to share the load.

This “volunteer” (now believed to be a skilled hacker, possibly affiliated with a powerful intelligence entity) inserted a near-invisible backdoor into XZ Utils, which was ultimately found thanks to the diligence of the Microsoft software developer and a bit of good luck.

U.S. government officials, including Assistant National Cyber Director Anjana Rajan, have highlighted the necessity of fortifying open-source software against such threats, with the Cybersecurity and Infrastructure Security Agency advocating for increased support and contributions from tech companies. This sabotage incident has also instilled a sense of unease within the open-source community, prompting calls for greater safeguards.

The XZ incident serves as a poignant reminder of the imperative to re-evaluate existing practices and incentivize greater investment in the sustainability and cybersecurity of open-source ecosystems.¹

Company Specific Updates

Darktrace Plc

Darktrace announced in April the launch of the Darktrace ActiveAI Security Platform, integrating the company’s existing top-tier security products with new innovations, such as enhanced protection for email and operational technology. The ActiveAI Security Platform uses AI to shift security operations towards proactive cyber resilience. It identifies and addresses security weaknesses before hackers exploit them, detects and responds to various threats, and automates investigation processes, reducing manual efforts.

Its ability to visualize, correlate, and investigate threats across multiple domains, including cloud, email, network, endpoint, identity, and operational technology, is central to the platform. A commissioned report by Darktrace highlights the rising impact of AI-augmented cyber threats, with 74% of respondents noting significant impacts from them, yet 60% feeling unprepared to defend against them.

Darktrace’s Self-Learning AI engine detects threats in real-time, providing autonomous responses. New features include enhanced investigations, decryption capabilities, and firewall rule analysis, enabling pre-emptive threat mitigation.²

Palo Alto Networks

Palo Alto Networks has unveiled Cortex XSIAM for Cloud, marking a milestone in cloud security operations. This innovation integrates cloud detection and response capabilities into one AI-driven platform, making it the industry’s first cloud-optimized SOC platform.

Cortex XSIAM for Cloud is designed to address the unique cybersecurity challenges facing businesses that increasingly operate in the cloud—the kinds of challenges traditional SOC tools struggle to address. It addresses this gap by offering comprehensive cloud security operations through a unified, cloud-optimized solution.

Gonen Fink, SVP of Products for Cortex and Prisma Cloud, emphasized the platform’s AI-driven approach, aiming to eliminate data silos and enhance efficiency for SecOps teams. The new capabilities include a Cloud Command Center for visibility into cloud assets, a more robust Cortex XDR Agent combining runtime security with vulnerability management, and native integration with Prisma Cloud, enhancing collaboration between cloud and security teams.³

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cybersecurity industry. For more information, visit the fund page here:

Portfolio Strategy and Activity

For the month, Darktrace Plc made the largest contribution to the Fund, followed by CACI International Inc and GDS Holdings Ltd. The largest detractors to performance for the month were Okta Inc, followed by Zscaler Inc and CrowdStrike Holdings Inc.



  1. Satter, R., “Why a near-miss cyberattack put US officials and the tech industry on edge,” Reuters, April 5, 2024;
  2. “Darktrace Transforms Security Operations and Improves Cyber Resilience with Launch of Darktrace ActiveAI Security Platform,” Darktrace, April 9, 2024;
  3. “Palo Alto Networks Delivers the Industry’s First Cloud-Optimized SOC Platform,” Palo Alto Networks, April 11, 2024;

Header Image Source: Getty Images Credit: Bill Hinton

The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.
Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags cyberattack  CYBR etf  Hackers  open-source software  Palo Alto Networks  ransomware  xz utils