Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trust is the most expensive vulnerability in modern security architecture. In recent years, the security industry has pivoted toward a zero trust model for networks — assuming breach and verifying every request. Yet when it comes to the people behind those requests, we often default back to implicit trust. We trust that the person on the Zoom call is who they say they are. We trust that the documents uploaded to an HR portal are genuine. That trust is now being weaponized at an unprecedented scale.

Traditional Web Application Firewalls typically require extensive, manual tuning of their rules before they can safely block malicious traffic. When a new application is deployed, security teams usually begin in a logging-only mode, sifting through logs to gradually assess which rules are safe for blocking mode. This process is designed to minimize false positives without affecting legitimate traffic. It’s manual, slow and error-prone.

When threat actors compromise your vendors, they are rarely aiming for a single, isolated win. They are looking for leverage. Every third party represents a potential force multiplier: a trusted connection, a shared platform, a pathway into multiple downstream environments. We recently looked at the vulnerabilities that are most commonly being used against vendors, but vulnerabilities alone don’t tell the full story.

Our increasing dependence on the internet and, specifically, email for business and personal communication has produced the perfect environment for cybercriminals to launch phishing attacks. As organization’s technical controls have advanced, cybercriminals have evolved their attacks, making them more difficult for traditional email security solutions that use signature-based detection (such as Microsoft and secure email gateways (SEGs) to detect.

Phishing isn’t just increasing. It’s outpacing the way many organizations test for it. Attacks have surged 400% year over year, and corporate users are now more likely to be targeted by phishing than by malware. As social engineering becomes a primary entry point into enterprise environments, how you assess phishing risk matters just as much as how often you train for it.

It is tax season in the United States and that means plenty of tax scams. I recently received these SMS messages. I am a TurboTax user, so hey, these might be legit, even though they look scammy. I first looked up the ttax.us domain using GoDaddy’s Whois service. The ttax.us domain is not valid. Fact is, scammers would not have sent out a scam message using a non-existent domain, so it probably means that it was taken down. Well, that’s good!

VMware vCenter Server, the centralized management point in vSphere, is used for managing ESXi hosts, clusters, VMs, and other components in your virtualized data center. This blog post addresses the 503 Service Unavailable that you may get in vSphere Client when you try to connect to vCenter. Read to learn about the potential causes of this error and how to fix it. NAKIVO for VMware vSphere Backup Complete data protection for VMware vSphere VMs and instant recovery options.

The shift to distributed work has permanently changed how managed service providers (MSPs) operate. Endpoints now span offices, homes, airports and everything in between, and each one requires consistent protection, visibility and management. Attackers have also accelerated their use of automation and AI, increasing pressure on technicians already managing growing workloads. Traditional, manual service models can no longer keep up.

Most organizations have gotten very good at protecting the front door. We invest heavily in single sign-on (SSO), mandate multi-factor authentication (MFA), and lock down who can log in, from where, and under what conditions. We do everything to ensure that the right user has the right access. But one critical question often still goes unanswered: What really happens after someone logs in?

Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a new vulnerability (CVE-2026-25611 with a “High” severity rating of 7.5 out of 10) in all MongoDB versions with compression enabled (version 3.4+, enabled by default since version 3.6), including MongoDB Atlas. The vulnerability can enable a threat actor to crash any MongoDB server. MongoDB Atlas clusters are not internet-reachable by default.