Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to Maintain DevSecOps Velocity Without Compromising Security

Software delivery today is a delicate balancing act between moving quickly and maintaining security. CXOs chase release velocity, PMs measure success by the number of features shipped, and developers are asked to code faster with every sprint. However, every pipeline that prioritizes speed without embedded security is essentially gambling with the risk of a breach. Legacy security models still act like toll gates, piling on reviews and post-deploy scans that stall progress.

Securing LLM Superpowers: When Tools Turn Hostile in MCP

In Part 1 of this blog series, we explored the architecture, capabilities, and risks of the Model Context Protocol (MCP). In this post, we will focus on two attack vectors in the MCP ecosystem: prompt injection via tool definitions and cross-server tool shadowing. Both exploit how LLMs trust and internalize tool metadata and responses, allowing attackers to embed hidden instructions or persistently influence future tool calls without direct user prompts.

Why We Built Nucleus Insights

Today we’re announcing the beginning of the next phase of our journey. We’re launching our Vulnerability Intelligence feed, Nucleus Insights. As we’ve worked with many companies, partners, and clients over the years, this became an obvious next step for Nucleus, and I want to share with you why. Fixing vulnerabilities is expensive. Not just in terms of patching costs or system downtime, but in people, time, and lost focus.

SIEM vs. XDR: 5 Things to Consider

As IT environments become more complex, organizations face rising threat volumes, persistent cybersecurity talent shortages, and adversaries capable of dwelling undetected for days and moving laterally within hours. In this context, choosing between SIEM and XDR is no longer a technical preference; it’s a strategic decision that shapes how your organization defends itself.

Missed jury duty? Scammers hope you think so

Jury duty scams are on the rise. Learn how to recognize the red flags, protect your personal data, and verify real court notices. “You missed jury duty and there’s a warrant out for your arrest.” If you've received a call like this, take a breath. Odds are, it's not the court—it’s a scam. These jury duty scams are making the rounds again, and they’re catching people off guard.

Securing AI Transformation: Why Cato Networks Acquired Aim Security

Every major technology wave reshapes enterprise security. The rise of the Internet gave us firewalls. The move to SaaS brought CASB and DLP. The migration to the cloud and rise of the hybrid workforce demanded a new architecture like SASE to enable network transformation. Today, the AI revolution is creating an entirely new attack surface – one that is as transformative as it is urgent.

Cato Networks Statement on Salesforce-Salesloft Drift Incident

We want to share an important update in light of the recent security incident involving Salesloft Drift, a third-party application connected to Salesforce. The issue centers on the misuse of OAuth tokens associated with the Drift app. Salesforce and other vendors identified unauthorized access between August 8 and 18, 2025. The incident has impacted hundreds of Salesforce customers. The Cato SASE Cloud Platform, services and infrastructure, were not affected in any way.

Trustwave Security Colony's 8 Commandments for AI Adoption

The advent and continuing widespread adoption of artificial intelligence for basic research, document creation, code writing, or any other purpose increases an organization’s threat level if done incorrectly. However, when an organization implements AI as a tool in a thoughtful and well-considered manner, it can be a great benefit.

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.

From Ad Description to Video Production: A Practical Guide to Full-Process AI Advertising with AdMaker.ai

In the fast-paced marketing world today, full-process AI advertising creation is revolutionizing how brands produce content. Platforms like AI Ad Generator - AdMaker.ai empower marketers to automate every step, from generating advertising copy to producing professional videos, greatly improving efficiency, precision, and creative diversity.