Cato CTRL Threat Research: Uncovering Nytheon AI - A New Platform of Uncensored LLMs

With the introduction of WormGPT in 2023, threat actors have been using uncensored large language models (LLMs) for malicious activities. Following the shutdown of WormGPT in the same year, numerous alternatives have emerged—including BlackHatGPT, FraudGPT, and GhostGPT, among others—primarily accessible through Telegram channels.

Arctic Wolf Observes Organizations Receiving Unsolicited Microsoft MFA Messages

Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the source and intent have not been confirmed. This issue appears widespread, affecting organizations across multiple industry verticals. Example of Text Message It is currently unclear whether this activity is due to a systemic issue on Microsoft’s side or part of a malicious campaign.

Keeper Security Named Overall Leader in 2025 GigaOm Radar Report for Enterprise Password Management

GigaOm, a renowned technology analyst firm, has recognized Keeper Security as the Overall Leader in Enterprise Password Management for the fourth year in a row. The GigaOm 2025 Radar Report for Enterprise Password Management highlights Keeper’s Privileged Access Management (PAM) solution, KeeperPAM, which helps organizations secure passwords, credentials, secrets and connections to mitigate cyber risks and defend against internal and external threats.

CISO Spotlight: Rick Bohm on Building Bridges, Taming AI, and the Future of API Security

Nestled in a log cabin high in the Rocky Mountains, Rick Bohm starts his day the same way he’s approached his career: intentionally, with a quiet commitment to learning and action. Boasting more than three decades of cybersecurity experience, Rick has watched tech evolve from dial-up ISPs to advanced AI-driven security architectures – and through it all, he’s focused on one enduring mission: protecting data, organizations, and people.

AI-automated Fuzzing Uncovers Two More Vulnerabilities in wolfSSL

Daniel Pouzzner from wolfSSL has challenged us to find 3 more vulnerabilities in the wolfSSL library, after we found the first one in October 2024. We weren't quite able to find three, but here are the additional two that we found: Both vulnerabilities were fixed in wolfSSL version 5.8.0, released on 24 April 2025. The fuzz tests that found these vulnerabilities were generated by our AI Test Agent.

Firewalls and VPNs in the Line of Fire: How Exploits Are Evolving

Over the past year, cybercriminal activity has shifted toward exploiting vulnerabilities found in company perimeters and infrastructure systems. Attacks are also being carried out within shorter and shorter timeframes. According to data from Google Threat Intelligence Group (GTIG) in 2024, 44% of zero-day attacks affected enterprise-focused technologies, compared to 37% in 2023.

OpenAI Report Describes AI-Assisted Social Engineering Attacks

OpenAI has published a report looking at AI-enabled malicious activity, noting that threat actors are increasingly using AI tools to assist in social engineering attacks and influence operations. In one case, the company banned ChatGPT accounts that were likely being used in North Korean attempts to fraudulently obtain jobs at US companies. “Similar to the threat actors we disrupted and wrote about in February, the latest campaigns attempted to use AI at each step of the employment process.

So your chatbot just insulted a customer? #cybersecurity #appsec

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Strategic Signals from Money20/20: Digital Identity, Stablecoins, Open Banking

At this year’s Money20/20 Europe, the focus was clear and pragmatic. Three themes came through consistently: digital identity, stablecoins, and open banking. Each reflects a broader shift underway. Institutions are moving from exploration to implementation. Regulatory frameworks are taking shape. Infrastructure is evolving to meet new demands. These priorities emerged across our discussions with partners, customers, and colleagues—and signal where the market is heading.