Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

cato networks

Cato's ASK AI Assistant: Turning Complex Network Operations Into Simple Conversations

Jan 7, 2026 By Dr. Guy Waizel In Cato Networks
Every superhero needs a sidekick. For your network and security teams, that is Cato’s ASK AI Assistant, our new AI Assistant built to help you see, solve, and secure faster than ever. This isn’t a basic Q&A tool. It brings customer-specific information and ability to work with other tools to answer complex questions.
Read Post
Forward Networks

How Permit-All Mode Simplifies Troubleshooting Across Routing and Firewalls

Jan 6, 2026 By Forward Networks In Forward Networks
When application traffic fails to reach its destination, teams must determine whether the problem lies in routing, firewall rules, NAT behavior, or a combination of all three. In many environments, these components overlap in ways that make traditional troubleshooting slow and error-prone. Engineers often have to run repeated tests, stage changes, or temporarily disable rules to understand why a flow is being blocked.
Read Post
cato networks

Cato CTRL Threat Research: Vulnerability Discovered in Open WebUI Enables Account Takeover and Remote Code Execution (CVE-2025-64496)

Jan 5, 2026 By Vitaly Simonovich In Cato Networks
Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a vulnerability (CVE-2025-64496 with a “High” severity rating of 7.3 out of 10) in Open WebUI in versions 0.6.34 and older. This flaw affects the Direct Connections feature, which lets users connect to external AI model servers (ex: OpenAI’s API). If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack.
Read Post

Episode 5 - Detecting DNS Covert Channels in the Wild (Part 1)

Jan 1, 2026 By Corelight In Corelight
In Episode 5 of Corelight Defenders, I, Richard Bejtlich, engage with Corelight's co-founder and chief scientist, Vern Paxson, to delve into the intricate world of DNS covert channels. We explore how adversaries exploit DNS lookups to silently communicate within tightly controlled enterprise environments. Vern explains various methods attackers may use, from encoding data in seemingly benign domain names to manipulating the timing of requests. Our discussion highlights the challenges of detecting these covert channels, especially in the presence of network monitoring.
View Video
Understanding the Risks of Multi-Location Internet Connectivity

Understanding the Risks of Multi-Location Internet Connectivity

Dec 26, 2025 By SecuritySenses In SecuritySenses
Modern enterprises rarely live in one building anymore. Branches, stores, plants, and remote teams all depend on fast internet to reach apps and data. That reach is powerful, but it also multiplies the ways attackers can find you. The more doors you add, the more locks and alarms you need.
Read Post
Forward Networks

New Configuration Change History in Forward Enterprise

Dec 23, 2025 By Forward Networks In Forward Networks
Modern networks change constantly as teams modify interfaces, adjust routing, enable features, or deploy security controls. Over time, these individual updates create a complex configuration history that is rarely documented comprehensively. Without access to historical configuration data, engineers face significant challenges determining when changes occurred, whether they align with approved change windows, or how they influenced network behavior.
Read Post
Best Practices for Enterprise macOS Security: Tools, Techniques, and Detection Strategies

Best Practices for Enterprise macOS Security: Tools, Techniques, and Detection Strategies

Dec 23, 2025 By SecuritySenses In SecuritySenses
macOS data is increasingly targeted by hackers due to the sensitive information that Macs hold. Users require strong Mac cybersecurity measures to protect themselves from attacks. Combining Mac's built-in security features with third-party solutions provides hardened protection and continuous detection. Endpoint security for Mac best practices improve your enterprise macOS security. Implement secure configurations, effective device management, and real-time detection for advanced protection. Using a multi-protection strategy increases recovery speed and reduces the attack surface.
Read Post
Corelight

Inside the mind of a cybersecurity threat hunter part 3: hunting for adversaries moving inside your network

Dec 22, 2025 By Allen Marin In Corelight
Welcome back to our threat hunting series with Corelight and CrowdStrike. In our previous posts, we armed you with techniques to spot adversaries during Initial Access and how they establish Persistence to maintain their foothold. Now, we're diving into the shadowy dance of Defense Evasion and Lateral Movement.
Read Post
Corelight

Detecting CVE-2025-20393 exploitation: catching UAT-9686 on Cisco appliances

Dec 19, 2025 By David Burkett In Corelight
CVE-2025-20393 is a CVSS 10.0 Remote Code Execution (RCE) flaw in Cisco Secure Email Gateways currently being actively exploited by China-nexus groups. A recent advisory from Cisco Talos details how an actor dubbed “UAT-9686” is leveraging this vulnerability to target Cisco Secure Email Gateways (ESA) and Secure Email and Web Managers (SMA). The attack allows threat actors to execute arbitrary commands with root privileges and deploy persistence mechanisms.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.