Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Claude Skills is a new feature from Anthropic that has gained rapid adoption, with more than 17,000+ GitHub stars already since its launch in October 2025, allowing users to create and share custom code modules that expand Claude’s capabilities and streamline workflows. But as this ecosystem grows, Cato CTRL uncovered a serious oversight into how Skills are executed.

The network and information security directive 2 (NIS2) is an EU-wide cybersecurity law that contains strengthened cybersecurity regulations and is a general set of mandatory security requirements aimed at already identified critical and important sectors.

Application security is becoming increasingly fragmented. Development and security teams use a wide array of tools for testing, protection, and supply chain security. While each tool serves a purpose, they often operate in silos. This fragmentation creates a disconnected view of an organization’s security posture, making it difficult to prioritize and remediate risk effectively.

Unexpected attacks are the hardest to fend off. In the realm of cyber, Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising the thousands of organizations that are unwittingly using vulnerable software.

JFrog Security Research found 3 zero-day critical vulnerabilities in PickleScan, which would allow attackers to bypass the most popular Pickle model scanning tool. PickleScan is a widely used, industry-standard tool for scanning ML models and ensuring they contain no malicious content.

Tokenization isn’t new, but 2025 forced everyone to rethink it. You’ve got AI pipelines ingesting messy text, microservices flinging data around like confetti, and regulators asking for deletion receipts like they’re Starbucks orders. Most companies slap together a regex mask and call it “privacy.” Spoiler: it isn’t. Real data protection often hinges on choosing the right type of tokenization for the job.

In November 2025, chaos struck India’s major airports when a series of GPS spoofing attacks misled pilots, showing their aircraft up to 60 nautical miles off-course. The attack was swift, unsettling, and eye-opening; not just for aviation, but for anyone who relies on technology for critical operations. This incident made me realize something crucial: Resilience matters more than ever.

The question is no longer whether to invest in cybersecurity, but how to do it in a way that is sustainable, effective, and resilient.

When you’re operating with just five payment pages, PCI feels predictable. Not because controls are simple, but because the variables are contained. It’s simple math. You know the pages. You know the scripts. You know how often they change and who owns each one. So the environment is small enough that nothing surprises you, and predictability becomes the default. But then, your organization grows. New products, regional variants, A/B experiments, and acquisitions all add up.

Below is a look at how the Feroot platform evolved in 2025 and how these improvements support your compliance and security strategy heading into 2026.