Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It is tax season in the United States and that means plenty of tax scams. I recently received these SMS messages. I am a TurboTax user, so hey, these might be legit, even though they look scammy. I first looked up the ttax.us domain using GoDaddy’s Whois service. The ttax.us domain is not valid. Fact is, scammers would not have sent out a scam message using a non-existent domain, so it probably means that it was taken down. Well, that’s good!

VMware vCenter Server, the centralized management point in vSphere, is used for managing ESXi hosts, clusters, VMs, and other components in your virtualized data center. This blog post addresses the 503 Service Unavailable that you may get in vSphere Client when you try to connect to vCenter. Read to learn about the potential causes of this error and how to fix it. NAKIVO for VMware vSphere Backup Complete data protection for VMware vSphere VMs and instant recovery options.

The shift to distributed work has permanently changed how managed service providers (MSPs) operate. Endpoints now span offices, homes, airports and everything in between, and each one requires consistent protection, visibility and management. Attackers have also accelerated their use of automation and AI, increasing pressure on technicians already managing growing workloads. Traditional, manual service models can no longer keep up.

Most organizations have gotten very good at protecting the front door. We invest heavily in single sign-on (SSO), mandate multi-factor authentication (MFA), and lock down who can log in, from where, and under what conditions. We do everything to ensure that the right user has the right access. But one critical question often still goes unanswered: What really happens after someone logs in?

Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a new vulnerability (CVE-2026-25611 with a “High” severity rating of 7.5 out of 10) in all MongoDB versions with compression enabled (version 3.4+, enabled by default since version 3.6), including MongoDB Atlas. The vulnerability can enable a threat actor to crash any MongoDB server. MongoDB Atlas clusters are not internet-reachable by default.

If you’re like me, you’ve been enthralled with the recent story, expertly written by Sean Hollister at The Verge, about how Sammy Azdoufal built a remote control for his DJI Romo vacuum with a PlayStation controller, and ended up in control of 7,000+ robovacs all over the world. On the surface, it sounds like vibe coding gone slightly sideways. I mean, really, what could a vacuum possibly do? Turns out… a lot.

LAPSUS$-linked breaches did not break multi-factor authentication (MFA) cryptographically. Attackers obtained valid authentication outcomes through techniques commonly described as MFA fatigue attacks or MFA bypass attacks, including push-prompt abuse, SIM swapping, social engineering, and session token replay. Understanding how these attacks succeed helps explain where modern identity defenses must evolve.

Cybersecurity doesn’t really have quiet days. Usually, it’s just long stretches of constant noise before realizing you’ve been blindsided. That blindside is a flat list of unprioritized vendors. Without a way to filter what matters when a team needs to mitigate the fallout of a crisis, a vendor inventory like this becomes a compliance-only activity that offers a false sense of security.

NIS2 documentation requirements form the essential foundation of regulatory compliance — defining the documented controls that underpin NIS2 audit readiness and demonstrable cybersecurity governance. Yet in 2026, the landscape is shifting: documentation alone is no longer enough.

We’ve got a boatload of features to show off this week. We knocked out some of the most common requests, user management, single-sign on, and my personal favorite: the weekly email summary.