Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today, we’ve announced during AWS re:Inforce 2025 that Cato Networks has received the “Deployed on AWS” badge, which identifies Amazon Web Services (AWS) partners whose products are powered by AWS infrastructure. As a Leader in the 2024 Gartner Magic Quadrant for Single-Vendor SASE, Cato sets the standard for converging networking and security in a single, cloud-native platform.

On June 12, 2025, a global outage at Google Cloud Platform (GCP) brought critical infrastructure to a halt. The ripple effects were immediate. Services from Palo Alto Networks and Cloudflare—both of which rely on GCP—experienced outages that lasted hours. Enterprises depending on these services were left blind and exposed. This wasn’t a first. It won’t be the last. But it was a wake-up call. When SASE, SSE, or SD-WAN platforms go down, the business is down. Productivity stalls.

Think back to being in high school and wanting to leave the room during class. Your teacher would give you a hall pass to show anyone monitoring the halls that you had permission to walk around. Your behavior, walking around during the class period, was suspect unless you followed the rule, getting a hall pass. For security teams, rule-based intrusion detections are the hall monitors that look for behaviors that indicate a problem.

Audit firms today face pressure to deliver faster, more accurate audits while meeting rising client expectations. Clients often operate with complex tech stacks, outdated evidence-gathering workflows, multiple frameworks, and numerous workspaces—all of which auditors must manage alongside their own established tools and processes.

On June 4, Asana identified a bug in its Model Context Protocol (MCP) server and took the server offline to investigate. While the incident was not the result of an external attack, the bug could have exposed data belonging to Asana MCP users to users in other accounts.

Vibe coding might sound like a trendy term, but it's really just developing software without automated checks and quality gates. Traditional engineering disciplines have always relied on safety measures and quality controls, so vibe coding should be no different in my honest opinion.

Researchers at Google have published a report on the latest scam trends, noting an increase in travel-themed scams targeting people preparing for their summer vacations. “Ahead of the summer vacation season, our teams have observed a spike in travel scams,” the researchers write. “Fake travel websites lure users into booking travel with a promise of ‘too good to be true’ prices, experiences, or discounts.

Researchers at Google’s Mandiant have published a report on voice phishing (vishing) attacks, noting that these attacks have served as initial access points for recent waves of ransomware incidents. Threat actors often perform reconnaissance before launching social engineering attacks, collecting publicly available information in order to craft tailored, realistic scenarios.

Merchants, third-party service providers (TPSPs), CISOs, security architects, and e-commerce businesses preparing for PCI DSS 4.0 compliance.

India's Digital Personal Data Protection (DPDP) Act, 2023 is a turning point in how personal data is regulated, managed, and protected across the country. As every industry becomes more digital, this law makes it clear who owns data and who must protect it. The Act introduces a legal imperative and an operational opportunity for SOC managers, CISOs, DPOs, and IT security teams to revisit how data is collected, stored, shared, and protected.