Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 16, 2026, two React Native npm packages from the AstrOOnauta were backdoored in a coordinated supply chain attack. Both releases added an identical install-time loader that fetches and executes a multi-stage Windows credential and crypto stealer, triggered by nothing more than a routine npm install. The affected packages are react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8.

We log into tons of apps each day, running on digital identities. With just one click, you can access thousands of apps without breaking a sweat. However, digital identities bring with them cyber threats, which are growing sharper each day, and compliance is getting tighter. So, who is the right person to trust to safeguard your digital identities? As organizations, you collect, store, analyze, and process sensitive data, which needs to be safeguarded with the right tech and tools.

Hybrid cloud environments rarely start as a carefully planned architecture. Most organizations reach that point gradually. A few workloads move to the cloud first. Then development teams adopt additional cloud services. Meanwhile, critical systems continue running on-premise because they cannot easily migrate. Over time, the result is an enterprise hybrid cloud environment that spans multiple infrastructure layers. From a business perspective, this flexibility is useful.

Tokenization and encryption both protect sensitive data, but they work differently and reduce different risks. Tokenization removes sensitive values from operational systems and can shrink compliance scope; encryption keeps data present but unreadable without keys. Choosing the right approach depends on data type, access patterns, and regulatory requirements like PCI DSS and HIPAA. Encryption and tokenization both protect sensitive data, support compliance, and appear in every major security framework.

Let’s talk about agent skills. As the AI agent ecosystem matures, we’re seeing a major shift in how users equip agents to run automated workflows. While robust protocols such as MCP exist to handle complex system integrations and authentication, skills have emerged as the go-to, low-friction way to shape an agent’s day-to-day behavior. Skills are extremely easy to adopt. In many cases, they are simply lightweight files that orchestrate scripts and commands.

On February 28, 2026, Israel and the United States launched a joint attack against Iran. In retaliation, Iran launched its own attacks against Israel and US-allied countries and bases in the region. The escalation in the Middle East is ongoing. Cato CTRL is currently monitoring the threat landscape in the region.

Sending an unsecured email can be likened to writing sensitive information on a sticky note and leaving it on someone else's desk: anybody can intercept and share that information. Fortunately, there are ways to ensure your emails are safe from the prying eyes of hackers through encryption, meaning your message — no matter how sensitive — is seen only by the intended recipient.