Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cato CTRL Threat Brief: AI, Zero-Days, and the US-China Cyber Arms Race

Underlying the US–China AI race, there’s arguably a more sinister arms race—the race to identify zero-day threats. Frontier AI algorithms, such as Anthropic Mythos (here) and China’s Qihoo 360 (here), are compressing the zero-day discovery cycle. But how those discoveries are gathered and shared among cooperating entities is giving China significant defensive and offensive advantages.

Is GRC Cool Again? How Mythos and Frontier AI Models Are Bringing a New Focus to Governance and Risk Management

For the record, I always thought the GRC was cool. NIST Framework? Yes please. Vendor risk register? Tell me more! Not everyone shared my enthusiasm for effective and efficient cyber risk reduction. Until now. Suddenly, seemingly overnight, managing the digital supply chain became really, really important. AI governance (a phrase that didn’t even exist a year ago) is now the topic of boardroom discussions. Yes, it will look different and operate in a new way.

Why MCP Breaks the Financial Services Security Stack

A relationship manager asks the firm's AI assistant to "summarize my top wealth clients by AUM and flag anyone with a pending transfer over $500K." The agent calls a CRM MCP server, then a core banking MCP server, then a market data MCP server, and returns a clean answer in twelve seconds. Names, balances, account numbers, pending wire details, all rendered in plain text inside the chat window. No file moved. No email left the network. No DLP channel triggered.

Exposure vs Vulnerability Management: Is There Actually a Difference?

In this exclusive fireside chat, Seemplicity CPO Ravid Circus and SANS instructor Jonathan Risto break down this critical distinction and why mastering it is vital as AI rapidly reshapes the cybersecurity threat landscape. Here’s a summary of what they covered. If you’ve been in security for any length of time, you’ve probably wondered whether exposure management is just vulnerability management with a fresh coat of paint.

Practical MCP Security: A Playbook for Mid-Market Teams

Most guidance published on AI agent security is written for enterprise organizations. It assumes dedicated AI security functions, red teams, platform engineering groups, and the budget to commission purpose-built tooling. If your security team is three people covering five hundred employees and a cloud environment that grows faster than you can document it, that guidance was not written for you. The five posts in this series have established the threat landscape.

Free Gift Fallacy: How Attackers Harvest Credit Cards via Fake Surveys

The classic 'survey reward' scam is back and hitting harder than ever. KnowBe4 Threat Labs is tracking a massive, high-volume campaign that is not only impersonating a wide array of trusted global brands across retail, logistics, and healthcare, but is using hundreds of newly registered domains (NRDs) and sophisticated psychological priming to fly past traditional security defenses.

Emerging Threat: (CVE-2026-48172) LiteSpeed cPanel Plugin Privilege Escalation to Root

CVE-2026-48172 is an incorrect privilege assignment flaw in the LiteSpeed User-End cPanel Plugin that allows any authenticated cPanel user to execute arbitrary scripts as root. The bug sits in the plugin's lsws.redisAble function, which can be invoked through the standard cPanel JSON API to run code with elevated privileges instead of the calling user's own. The vulnerability carries a CVSS v4.0 base score of 10.0 (Critical).

Continuous Offensive Security: The Line We've Been Walking

AI Pentesting is having a moment. Well, several moments, actually. Every other week, another vendor announces something, or another LLM-driven pentesting tool tops some benchmark on a target nobody's heard of, another deck claims a new "gold standard" being disrupted, at long last... It's been busy.