Announcing Jit's Customizable SAST Rulesets: Detect Security Issues Unique to Your Environment

We’re excited to announce Jit's Customizable SAST Rulesets, a powerful new feature that allows AppSec and DevOps teams to create and manage custom Semgrep rules tailored to their specific security needs. With Jit orchestrating Semgrep scans across the entire codebase and continuously analyzing every code change, teams can now ensure security gaps are identified and addressed before they reach production.

Booking.com Phishing Scam Targets Employees in the Hospitality Sector

A phishing campaign is impersonating travel agency Booking.com to target employees in the hospitality industry, according to researchers at Microsoft. The attacks use a social engineering technique called “ClickFix” to trick victims into downloading malware.

Hybrid Cloud Environments Demand More Agile Infrastructure

In 2025, hybrid cloud environments have emerged as a cornerstone for businesses striving to modernize their IT infrastructure. From leveraging AI-driven tools to enhancing performance, sustainability, and security, hybrid cloud is paving the way for a new era of efficiency and growth.

Deception vs. Traditional Threat Detection: A Detailed Comparison

Trapping attackers and catching them red-handed before they even enter your network is the ultimate defense strategy. There is no doubt that traditional security systems are efficient in handling threats—but known threats! What if the attacker finds a new and unimaginable way to intrude into your network? This is where we need deception technology! Let’s go through both methods and find the differences in detail.

The Cybersecurity Confidence Gap: Are Your Employees as Secure as They Think?

Our recent research reveals a concerning discrepancy between employees' confidence in their ability to identify social engineering attempts and their actual vulnerability to these attacks. While 86% of respondents believe they can confidently identify phishing emails, nearly half have fallen for scams in the past. This disconnect between perceived competence and demonstrated vulnerability, the "confidence gap", poses a substantial risk to organizations.

A Step-by-Step Guide to DORA Compliance [XLS download]

The Digital Operational Resilience Act (DORA) is the EU’s answer to ensuring digital operational resilience in financial services. This wide-reaching regulation applies to over 22,000 financial entities and Information and Communication Technology (ICT) service providers operating within the EU. But what does achieving compliance with the EU’s vision for resilience in digital financial operations look like?

Legacy DLP Solutions vs. Fidelis Network DLP: Overcoming Pain Points in Data Protection

In our modern digital world, sensitive data protection is an essential challenge for organizations of any scale. Data breaches can translate into huge financial losses, loss of customer confidence, and heavy legal fines. Data Loss Prevention (DLP) technology plays a crucial role in protecting information, but not all DLP technologies are capable of addressing the evolving threats. Legacy DLP infrastructure, which was the norm, is no longer good enough, exposing organizations to risks.

Agentic AI: Why Cyber Defenders Finally Have the Upper Hand

My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity and the eventual emergence of malicious agentic AI malware. Both of those articles started to touch on the idea of automated agentic AI defenses. This posting goes into a little more detail on what agentic AI defenses might mean. It starts with agentic AI, which is a collection of automated programs (i.e., bots or agents) working toward a common goal.

2025 Cato CTRL Threat Report: Top 4 AI Predictions for the Year Ahead

Today, Cato Networks published the 2025 Cato CTRL Threat Report. It is the inaugural annual threat report from Cato CTRL, the Cato Networks threat intelligence team. The key theme for this year’s report is artificial intelligence (AI), which reflects the current cybersecurity landscape where AI usage is skyrocketing among vendors—and threat actors. Within the report, we examine the security risks associated with LLMs and the increased adoption of AI applications within organizations in 2024.