Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For decades, enterprise IT has been shaped by point solutions and stitched-together architectures. Many so-called platforms are product portfolios in disguise, made up of separately built or acquired solutions that run on disparate architectures and are loosely connected at best. Today, there’s a fundamental shift happening in enterprise IT. It’s not about another feature or another product category. It’s about economics.

Anthropic’s upcoming Mythos model points to something far more consequential than another leap in artificial intelligence. It signals a shift that could redefine the balance between attackers and defenders in cyberspace.

Security vendors have linked recent incidents involving trusted software components to a supply chain attack campaign by TeamPCP, a cloud-focused threat actor group. The reported activity involved three widely used types of development components, which include.

Agentic AI is quickly transitioning from experimentation to production. Enterprises are deploying AI agents to interpret goals, decide what actions to take, interact with business tools and APIs, and execute those actions autonomously, with limited or no human oversight. The promise is speed and efficiency, but the proverbial “blast radius” is bigger and fundamentally different from anything security teams have managed before.

Cato researchers have discovered a new indirect prompt injection exploit pattern workflow in BrowserOS (an open-source agentic AI browser). We named it “WebPromptTrap” because the prompt originates from untrusted web content and it traps users into approving an authorization step through a trusted-looking AI summary.

If your encrypted traffic was captured today, would it still be private in ten years? That question changes the conversation. Leaders are used to asking, “Is it encrypted?” Now they are asking, “How long does it stay confidential?” That is where post quantum cryptography, or PQC, comes in. Its role is to strengthen the foundations of a secure connection by improving how trust is established before any data is exchanged. Today’s encryption still works.

Every major technological shift reshapes the landscape, creating both winners and losers. AI will be no different. The key question is which companies are positioned to capture the value it generates, and which ones may fall behind as it unfolds. If you look at previous technology shifts, the winners were not always the companies building the most visible products. They were often the ones that enabled the shift to happen in the first place, or those that benefited from the structural changes it created.

Cato CTRL has discovered a q-based delivery technique used against an Italy-based consumer services company associated with PhantomBackdoor, a multi-stage WebSocket-based backdoor previously reported in a Ukraine-focused spear phishing operation by SentinelOne. In SentinelOne’s earlier reporting, initial access relied on phishing lures and a ClickFix-style flow that triggered a staged PowerShell and ended with a WebSocket backdoor.