Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Gradual by Design: What the Cloudflare Outage Reveals About Robust SASE Architecture and Operations

On November 18, 2025, a single configuration file change at Cloudflare disrupted access to large parts of the web. Around 11:20 UTC, Cloudflare’s network began returning a surge of HTTP 5xx errors. Users trying to reach services like X (formerly Twitter), ChatGPT/OpenAI, Ikea, Canva, and many others suddenly saw Cloudflare-branded error pages instead of the applications they expected. Cloudflare mitigated the issue, restored service, and published a detailed public report.

Cato CTRL Threat Research: HashJack - Novel Indirect Prompt Injection Against AI Browser Assistants

HashJack is a newly discovered indirect prompt injection technique that conceals malicious instructions after the # in legitimate URLs. When AI browsers send the full URL (including the fragment) to their AI assistants, those hidden prompts get executed. This enables threat actors to conduct a variety of malicious activities.

The Dark Side of Black Friday: When Ransomware Attacks Join the Shopping Rush

As retailers gear up for the year’s biggest sales, cybercriminals are preparing for their own “Black Friday rush.” They’re not after TVs, they’re after data. Last year, phishing surged more than 600%1 during Black Friday week and ransomware attacks rose nearly 60%2.

How Cato Blocks LummaStealer in Real Time: A Look Inside SPACE Detection & Prevention

LummaStealer is one of thousands of malware variants targeting users every day. In this video, we walk through how Cato’s SASE Cloud Platform detects and stops it in real-time, before data is exfiltrated or an endpoint is compromised. You’ll see how the Cato Single Pass Cloud Engine (SPACE) inspects all traffic in one pass, applying IPS, anti-malware, DNS security, and Secure Web Gateway controls across every PoP globally for a consistent security experience.

Cato CTRL Threat Research: Two Vulnerabilities in Anthropic's MCP SDK Enable OAuth Token Theft and Supply Chain Attacks

The SolarWinds supply chain attack in 2020 reminded the world how a single weakness in trusted software can have global consequences. That incident reshaped how organizations view software integrity and the importance of securing every stage of the development pipeline.

Armis and Cato: Redefining Device Security Through Intelligence and Enforcement

In today’s hyper-connected world, organizations face an unprecedented challenge: securing the explosive growth of connected devices across their networks. From laptops and smartphones to IoT and OT systems, the device ecosystem is expanding at a pace that traditional tracking and protection methods cannot keep up with.

Securing the AI Browser Revolution: How Cato Helps Mitigate Risks in OpenAI Atlas

The launch of OpenAI Atlas, an AI-powered browser that merges ChatGPT’s intelligence with a full web experience, marks a major leap in how people interact with the internet. Instead of typing queries or clicking through pages, users can now ask, act, and automate, delegating browsing tasks to AI agents capable of retrieving data, filling in forms, or performing actions on their behalf. For businesses, Atlas represents both opportunity and risk.

The Key To Detecting AI Threats - CTRLtheThreat Cybersecurity Tips From Cato CTRL

The key to detecting AI threats? Detecting them before they detect you. Tune in to this week's series in which Dolev Attiya, threat researcher and member of Cato CTRL, shares insights about AI malware threats, agent to agent and top ways to stay protected. Subscribe: short.url/aBcXyZ Let’s connect: Instagram: short.url/aBcXyZ LinkedIn: short.url/aBcXyZ X (Twitter): short.url/aBcXyZ TikTok: short.url/aBcXyZ.

Resilient by Design: Cato's Visibility and Backbone Performance Through the AWS Outage

On October 20, 2025, Amazon Web Services (AWS) experienced an outage affecting its US-East-1 region. The event caused temporary service degradation across a wide range of global applications and digital services, including business collaboration tools, financial platforms, airline operations, and consumer-facing websites used by millions of people worldwide, as reported in the news. We extend our appreciation to our partners at AWS for their swift and professional handling of the incident.

Cato CTRL Threat Research: Preventing Privilege Escalation via Active Directory Certificate Services (ADCS)

Maintaining an Active Directory (AD) enterprise environment is no easy task. Between all the permissions, security compliances, update cycles, emergency patches, appliance configurations and more, covering all the bases could feel overwhelming at times and could lead to errors that may result in major consequences.