Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cato CTRL has discovered a q-based delivery technique used against an Italy-based consumer services company associated with PhantomBackdoor, a multi-stage WebSocket-based backdoor previously reported in a Ukraine-focused spear phishing operation by SentinelOne. In SentinelOne’s earlier reporting, initial access relied on phishing lures and a ClickFix-style flow that triggered a staged PowerShell and ended with a WebSocket backdoor.

Artificial intelligence has moved from pilot project to core enterprise infrastructure faster than most security programs can adapt. AI is automating workflows, surfacing insights from complex datasets, and changing how work gets done across every function. But with that acceleration comes a new and expanding attack surface that most organizations are only beginning to understand.

Author: Sadi Zane.

When it comes to selecting a protocol to share files over the network, you commonly come across the SMB and CIFS terms in software interfaces and documentation. Some users think that SMB and CIFS are the same thing, and clearly identifying the difference may be difficult. However, let’s look at why CIFS can’t be used as a synonym for SMB. Learn about the SMB vs CIFS protocols differences and how to use the terms.

AI agents are only as effective as the data they consume. In this post, we explore the unsung hero of the security stack: data normalization. This process serves as the deterministic guardrail that makes AI grounding possible. Without a structured data foundation, grounding is only as good as the often chaotic data being retrieved, leading to confident but incorrect AI responses.

The cybersecurity landscape has fundamentally shifted in the last several years. Adversaries are no longer just using AI to draft phishing emails; they're deploying autonomous AI agents capable of executing end-to-end attack chains, from initial reconnaissance through lateral movement and data exfiltration. Anthropic's1 analysis of recent incidents indicates a rapid acceleration in attacker adoption of agentic workflows, dramatically shortening the time between initial access and impact.

CrowdStrike Falcon Platform for Government, our FedRAMP High authorized offering, has expanded to include CrowdStrike Falcon for XIoT. This addition delivers native XIoT visibility and protection through the CrowdStrike Falcon platform so government agencies can protect connected assets and critical infrastructure.

At Fal.Con Gov 2026, CrowdStrike is introducing new innovations to accelerate modernization and strengthen cyber defense of government systems, while helping agencies meet some of the most rigorous compliance standards within a FedRAMP-authorized environment. Cybersecurity is national security. Ransomware threatens public safety and continuity of operations. Supply chain compromise multiplies impact. Nation-state actors target critical infrastructure for strategic disruption.

Threat groups are uniquely open-minded when selecting their targets. They may issue platitudes about avoiding schools or critical infrastructure, but data from LevelBlue’s just-released Spotlight Report: Cyber Resilience and Business Impact in US SLED shows this is, unsurprisingly, false. The threat actors' broad-minded approach means public sector security teams have to be as prepared as any financial institution or healthcare facility.

In an AI-native world where Model Context Protocol (MCP) is the universal standard for AI connectivity, the security and governance stakes have never been higher. AI’s ability to take autonomous action through MCPs means that a single breach of an MCP server can grant attackers control over mission-critical enterprise systems, putting enterprises in an immediate and escalating state of agentic risk that cannot be ignored.