Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cato Networks’ SASE certification portfolio has taken a major step forward with Cato’s official recognition as an ISC2 Continuing Professional Education (CPE) Partner. ISC2 is one of the most trusted names in cybersecurity, representing more than 500,000 members worldwide. Their certifications are widely regarded as the benchmark for professional excellence in security.

Savanti is Cato Networks’ internal, agentic AI assistant that blends knowledge from Slack, Confluence, Git, and Jira to provide instant, context-rich answers. Savanti routes each query through an adaptive reasoning workflow by choosing between direct, deep, or multi-step reasoning based on the question’s complexity. Every answer is grounded in real internal context, backed by citations, and evaluated for confidence before being delivered.

Every superhero needs a sidekick. For your network and security teams, that is Cato’s ASK AI Assistant, our new AI Assistant built to help you see, solve, and secure faster than ever. This isn’t a basic Q&A tool. It brings customer-specific information and ability to work with other tools to answer complex questions.

Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a vulnerability (CVE-2025-64496 with a “High” severity rating of 7.3 out of 10) in Open WebUI in versions 0.6.34 and older. This flaw affects the Direct Connections feature, which lets users connect to external AI model servers (ex: OpenAI’s API). If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack.

Every merger or acquisition follows a familiar script: two companies, two networks, two security stacks, one clock. Partners who deliver Day-1 access quickly, then guide a clean path to standardization and modernization, help customers realize deal value sooner. Do that repeatedly and you become the trusted M&A partner across the portfolio.

It was a quiet Monday morning until John, head of IT, opened his laptop and saw 424 new support tickets. Users across the office were reporting issues like “apps won’t load” and “internet not working.” After hours of investigation that stretched into the next day, the team traced the problem to a branch router overwhelmed by malformed DNS queries from a misbehaving IoT device.

Millions of homes, businesses, and hospitals depend on solar power, a clean and cost-effective source of renewable energy. Adoption has accelerated worldwide thanks to major government initiatives such as the Inflation Reduction Act (IRA) in the U.S., the Renewable Energy Directive (RED II) in the EU, the Smart Export Guarantee in the UK, and Australia’s Small-scale Renewable Energy Scheme (SRES). As clean energy infrastructure expands, a new vulnerability is emerging.

JSCEAL is an information stealer that’s been targeting users of cryptocurrency applications. As reported by Check Point Research (CPR) in July 2025, JSCEAL has developed into a more advanced form. In a new campaign observed by Cato CTRL in August 2025, JSCEAL has adopted a revamped command-and-control (C2) infrastructure, enhanced anti-analysis safeguards, and an updated script engine designed for increased stealth. The campaign remains active.

Phishing remains one of the most effective methods for stealing credentials and breaching enterprise environments. Despite advanced email and browser protections, attackers now leverage AI, and automation to outpace traditional defenses. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involve the human element, often triggered within seconds of a phishing lure, just 21 seconds to click and 28 seconds to submit credentials.