How to Detect and Stop Reverse Proxy Phishing Attacks in Real-Time

Reverse proxy phishing has quietly become one of the most effective –and hardest to detect– phishing tactics of the modern era. It’s fast, industrialized, and invisible to most security stacks. Instead of tricking users into handing over static credentials, these attacks use real-time relays to bypass MFA and hijack sessions as they happen.

Cato CTRL Threat Research: PoC Attack Targeting Atlassian's Model Context Protocol (MCP) Introduces New "Living off AI" Risk

Most organizations assume a clear boundary between external users, who submit support tickets or service requests, and internal users, who handle them using privileged access. However, when an internal user triggers an AI action from a model context protocol (MCP) tool, such as summarizing a ticket, that boundary can break.

Five Uncomfortable Truths About LLMs in Production

Many tech professionals see integrating large language models (LLMs) as a simple process -just connect an API and let it run. At Wallarm, our experience has proved otherwise. Through rigorous testing and iteration, our engineering team uncovered several critical insights about deploying LLMs securely and effectively. This blog shares our journey of integrating cutting-edge AI into a security product.

Data Loss Prevention Guide for Microsoft 365 and SharePoint

Organizations today face an unprecedented challenge: their most valuable assets can disappear in a matter of milliseconds through accidental sharing, malicious theft, or simple human error. Data Loss Prevention is a strategic approach to safeguarding information before it crosses organizational boundaries, acting as both a guardian and a gatekeeper for critical business assets.

Ransomware Attack Simulation: Did They Survive? #cybersecurity #ransomware

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Weaving Chaos - Scattered Spider's Cyberattacks Spin a Dangerous Web Across the Insurance Industry

In Q2 2025, Scattered Spider has been noted as a prolific threat actor targeting several sectors across multiple countries. As of June 2025, the group appears to have moved towards targeting the insurance sector. This is not novel victimology within the landscape, with attacks consistently targeting the sector, particularly in the extortion sphere. This blog explores the attacks Scattered Spider has conducted in 2025, as well as similar attacks around the insurance sector in the year.

When the Adversary Shows Up in Person

Physical security and IT security have gone hand in hand for a long time. While cybersecurity teams are rightfully focused on protecting their virtual environments, they should also have an eye on whether an adversary is walking through the front door. “Anytime there’s a physical boundary, an adversary is going to look to cross over that — whether it be in person or using some technology to get over that boundary,” Adam says in this episode on physical security threats.