Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In a typical enterprise environment, NTP server configurations may differ not just between vendors, but even across OS variants within the same vendor. Ensuring that these configurations are correct and standardized is critical for time synchronization, which underpins security, logging, and automation.

We’re excited to share new updates and enhancements for September, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.

Today’s enterprises are more fluid than ever. Employees work from personal devices, contractors join from unmanaged devices, and IT teams are expected to secure it all—without adding complexity or degrading performance. But most secure access tools were never built for this reality. The Cato Browser Extension offers a better way forward. It brings zero-trust access to unmanaged devices, BYOD, or third-party systems without installing endpoint software.

Today’s man-in-the-middle (MitM) attacks go far beyond coffee-shop Wi-Fi: they target browsers, APIs, device enrollments, and DNS infrastructure. Using automated proxykits and supply-chain flaws, attackers hijack session cookies, tokens, and device credentials—turning one interception into persistent, high-value access. Concerningly, these are not edge cases.

Security and engineering teams today face a tough balance: protecting sensitive resources while keeping developers productive. As organizations shift from on-prem to the cloud, access management becomes one of the biggest challenges. With more identities—human and non-human—gaining access to more resources across hybrid environments, the risks rise.

Law firms really are under constant pressure to meet tight deadlines, maintain client confidentiality and protect privileged communications. And like most aspects of life with technology so deeply intertwined, the same tools that make work possible can also be significant sources of risk. Consider something as basic as email; likely the most commonly used tool in the profession.

From customer-facing applications to internal systems, your businesses run on code. As CISOs, you may know that this reliance comes with a growing, complex challenge: securing the Software Development Lifecycle (SDLC) from end to end, especially against the insidious threat of software supply chain attacks.

Amazon refund text scams are on the rise. Learn how to spot the scam and keep your info safe. You get a text saying you’re owed an Amazon refund. Sweet, right? Not so fast. If it’s the Amazon refund text scam, that sweet deal could cost you more than you think. Here’s how to protect your devices with Avast Free Antivirus. Amazon refund text scams have garnered quite a lot of attention recently.

The widespread availability of large language models (LLMs) has driven the rapid development of generative and agentic AI applications for business use cases. These systems can reason, plan, and act autonomously, creating security risks that traditional security tools weren’t built to handle. Their popularity has widened the attack surface, both for organizations using external LLMs and those building their own GenAI applications.

With regulatory complexity rising across all industries, managing multiple frameworks and amended regulations simultaneously has become the new security standard. Regular audits and continuous improvement have also become essential, both to ensure ongoing compliance and to strengthen customer trust. ‍ However, manual compliance audits are time- and resource-intensive. Their complexity grows with each new framework, significantly raising the risk of human error and compliance fatigue.