Cato CTRL

Verified account

@CatoCTRL

Cato CTRL is the threat intelligence team at @CatoNetworks. Follow for the latest insights and threat research.

Joined March 2025

5 Following

136 Followers

111 Posts

8 days ago

Zero-days are becoming industrial. What separates the US and China isn’t talent or even frontier AI algorithms. It’s structure: how each side can collect, route, and reuse zero-days. In a cyber arms race, the pipeline is the weapon. Read the brief to learn why. https://t.co/ud4nyIRsAl

CatoCTRL's tweet photo. Zero-days are becoming industrial. What separates the US and China isn’t talent or even frontier AI algorithms. It’s structure: how each side can collect, route, and reuse zero-days. In a cyber arms race, the pipeline is the weapon. Read the brief to learn why. https://t.co/ud4nyIRsAl

0

1

0

0

25

12 days ago

Hashes: 2af0e8f624d17d657ccae5c3916f63421c86aa59405eddd963b22a365780f717 d1c6e991bc7e901e50347b6efb8e46a64d865682d65f45bba4514a0ee900e391 IOCs IPs: 91[.]98[.]22[.]202 18[.]198[.]127[.]183

0

1

0

0

53

about 1 year ago

🚨 Cato MDR Alert: We’ve detected a malicious IP address being used to download Quasar RAT, MeshAgent, and Defender Control via cURL. Key IoCs, URLs and hashes in the thread below. 🧵👇 #ThreatIntel #QuasarRAT #MeshAgent #DefenderControl

CatoCTRL's tweet photo. 🚨 Cato MDR Alert: We’ve detected a malicious IP address being used to download Quasar RAT, MeshAgent, and Defender Control via cURL.

Key IoCs, URLs and hashes in the thread below. 🧵👇

#ThreatIntel #QuasarRAT #MeshAgent #DefenderControl https://t.co/aHvmyIRwLc

2

9

5

0

694

12 days ago

🚨 Cato CTRL threat alert: our MDR team has detected new malicious IP address being used to download #MeshAgent and #DefenderControl via Powershell.

CatoCTRL's tweet photo. 🚨 Cato CTRL threat alert: our MDR team has detected new malicious IP address being used to download #MeshAgent and #DefenderControl via Powershell. https://t.co/NILGGpkVdM

1

1

1

0

171

18 days ago

📷 Cato CTRL threat alert: our MDR team has detected new Mirai Variant called Apex3. IOCs IPs: 46[.]37[.]123[.]247 45[.]202[.]247[.]123 64[.]7[.]199[.]151 81[.]29[.]156[.]127 Hashes: 9f32f650ce899ab47ff13c159d4f9dda460d78a7d3960ee7e338589863976d7c f6cd82158784ae0396000534816d03766fb909c732a45774dbb8cfa1bef26a05 1c16a7c5cee404c37de39563e7dae215f0eba4a61d7beca2f100398f67cd0208 #Mirai #Botnet #DDoS

CatoCTRL's tweet photo. 📷 Cato CTRL threat alert: our MDR team has detected new Mirai Variant called Apex3.
IOCs
IPs:
46[.]37[.]123[.]247
45[.]202[.]247[.]123
64[.]7[.]199[.]151
81[.]29[.]156[.]127
Hashes:
9f32f650ce899ab47ff13c159d4f9dda460d78a7d3960ee7e338589863976d7c

f6cd82158784ae0396000534816d03766fb909c732a45774dbb8cfa1bef26a05

1c16a7c5cee404c37de39563e7dae215f0eba4a61d7beca2f100398f67cd0208

#Mirai #Botnet #DDoS

CatoCTRL's tweet photo. 📷 Cato CTRL threat alert: our MDR team has detected new Mirai Variant called Apex3.
IOCs
IPs:
46[.]37[.]123[.]247
45[.]202[.]247[.]123
64[.]7[.]199[.]151
81[.]29[.]156[.]127
Hashes:
9f32f650ce899ab47ff13c159d4f9dda460d78a7d3960ee7e338589863976d7c

f6cd82158784ae0396000534816d03766fb909c732a45774dbb8cfa1bef26a05

1c16a7c5cee404c37de39563e7dae215f0eba4a61d7beca2f100398f67cd0208

#Mirai #Botnet #DDoS

CatoCTRL's tweet photo. 📷 Cato CTRL threat alert: our MDR team has detected new Mirai Variant called Apex3.
IOCs
IPs:
46[.]37[.]123[.]247
45[.]202[.]247[.]123
64[.]7[.]199[.]151
81[.]29[.]156[.]127
Hashes:
9f32f650ce899ab47ff13c159d4f9dda460d78a7d3960ee7e338589863976d7c

f6cd82158784ae0396000534816d03766fb909c732a45774dbb8cfa1bef26a05

1c16a7c5cee404c37de39563e7dae215f0eba4a61d7beca2f100398f67cd0208

#Mirai #Botnet #DDoS

CatoCTRL's tweet photo. 📷 Cato CTRL threat alert: our MDR team has detected new Mirai Variant called Apex3.
IOCs
IPs:
46[.]37[.]123[.]247
45[.]202[.]247[.]123
64[.]7[.]199[.]151
81[.]29[.]156[.]127
Hashes:
9f32f650ce899ab47ff13c159d4f9dda460d78a7d3960ee7e338589863976d7c

f6cd82158784ae0396000534816d03766fb909c732a45774dbb8cfa1bef26a05

1c16a7c5cee404c37de39563e7dae215f0eba4a61d7beca2f100398f67cd0208

#Mirai #Botnet #DDoS

0

2

2

0

91

23 days ago

Attackers don’t need bespoke malware for sophisticated intrusions—open-source frameworks are often enough. Cato CTRL blocked a suspected China-linked intrusion using TencShell, an undocumented Rshell-derived implant delivered through a masqueraded .woff payload and in-memory execution. If third-party access risk is on your radar, this report is worth a read: https://t.co/7N2mOkGOoY

CatoCTRL's tweet photo. Attackers don’t need bespoke malware for sophisticated intrusions—open-source frameworks are often enough. Cato CTRL blocked a suspected China-linked intrusion using TencShell, an undocumented Rshell-derived implant delivered through a masqueraded .woff payload and in-memory execution. If third-party access risk is on your radar, this report is worth a read: https://t.co/7N2mOkGOoY

0

2

1

1

177

about 1 month ago

🚨 New threat research: Cato CTRL found high-severity vulnerabilities in NVIDIA NeMo and Meta PyTorch that turn model files into RCE vectors. These models are pulled into systems with cloud credentials, IAM roles and sensitive data. Read more: https://t.co/4aRVNubiHZ

CatoCTRL's tweet photo. 🚨 New threat research: Cato CTRL found high-severity vulnerabilities in NVIDIA NeMo and Meta PyTorch that turn model files into RCE vectors. These models are pulled into systems with cloud credentials, IAM roles and sensitive data. Read more: https://t.co/4aRVNubiHZ https://t.co/nkx9MKqqXb

0

0

0

1

69

about 1 month ago

🚨 Cato CTRL threat alert: our MDR team has detected new Redteam infrastructure. IOCs IP: http://62[.]60[.]235[.]2:8888/ #RedTeam #ThreatIntel #Chisel #opendir

CatoCTRL's tweet photo. 🚨 Cato CTRL threat alert: our MDR team has detected new Redteam infrastructure.
IOCs
IP:
http://62[.]60[.]235[.]2:8888/
#RedTeam #ThreatIntel #Chisel #opendir https://t.co/dDisSPeWSj

0

1

1

0

134

about 2 months ago

AI is moving fast, and the threat landscape is evolving just as quickly. Join Cato CTRL and Microsoft experts live on May 20 at SASEfy 2026 for a practical look at Agentic Security: where it started, where it is today, and what’s next. Real risks, real examples. Save your spot today 👉 https://t.co/OgC0UQ6kIe

0

1

0

0

78

about 2 months ago

🚨 Cato CTRL threat alert: our MDR team has detected new Havoc C2 infrastructure. IOCs Domains: alfmarcussen[.]com aboutdolcera[.]com amaswellybmi[.]com dyg465g[.]com images[.]shopby[.]jp bowless[.]com belecoins[.]com handicraftai[.]com adventent[.]com allowcentral[.]com betropol337[.]com #C2 #ThreatIntel #Havoc

CatoCTRL's tweet photo. 🚨 Cato CTRL threat alert: our MDR team has detected new Havoc C2 infrastructure.
IOCs
Domains:
alfmarcussen[.]com
aboutdolcera[.]com
amaswellybmi[.]com
dyg465g[.]com
images[.]shopby[.]jp
bowless[.]com
belecoins[.]com
handicraftai[.]com
adventent[.]com
allowcentral[.]com
betropol337[.]com
#C2 #ThreatIntel #Havoc

0

2

2

0

188

3 months ago

With rising tensions in the Middle East, cyber activity from threat actors is expected to increase. We are monitoring the threat landscape and has outlined a summary of notable Iranian-linked CVEs. Read more: https://t.co/QXrPXPUlMe

CatoCTRL's tweet photo. With rising tensions in the Middle East, cyber activity from threat actors is expected to increase.
We are monitoring the threat landscape and has outlined a summary of notable Iranian-linked CVEs.
Read more: https://t.co/QXrPXPUlMe https://t.co/uiKeSNlpxW

0

1

1

0

47

3 months ago

Positive feedback can have odd side effects. A dog learned that saving kids from the Seine got him rewarded, so he started pulling them in to “save” them. AI models optimize the same way. Cato’s AI in Cybersecurity course shows how to manage the risks. https://t.co/mVSa5t7lL3

0

0

0

0

221

3 months ago

You secured the network. You secured the endpoints. Cato CTRL’s 2026 Threat Report reveals how threat actors now live inside your AI workflows- weaponizing them and walking out with your data. 5 discoveries that should keep you up at night https://t.co/sP780dvrzA

CatoCTRL's tweet photo. You secured the network. You secured the endpoints. Cato CTRL’s 2026 Threat Report reveals how threat actors now live inside your AI workflows- weaponizing them and walking out with your data. 5 discoveries that should keep you up at night https://t.co/sP780dvrzA https://t.co/w4RHrONZCI

1

2

0

0

100

3 months ago

Internet-exposed MongoDB servers can be crashed. 🚨 Cato CTRL found a vuln putting 210,000+ instances at risk, letting attackers take databases offline in seconds, even in enterprise environments. A fix is available. Patch now. ⚠️ https://t.co/jyDV63HeYf

CatoCTRL's tweet photo. Internet-exposed MongoDB servers can be crashed. 🚨 Cato CTRL found a vuln putting 210,000+ instances at risk, letting attackers take databases offline in seconds, even in enterprise environments. A fix is available. Patch now. ⚠️ https://t.co/jyDV63HeYf https://t.co/qOiNOUatx6

0

0

0

0

74

3 months ago

When your AI agent finishes a workflow, does it get offboarded? We don't give employees unrestricted access. We don't leave accounts active after someone leaves. But we do both with AI agents. That's where the risk begins. Time to treat AI agents as digital employees, not applications. https://t.co/AzvC4GvjZ9

CatoCTRL's tweet photo. When your AI agent finishes a workflow, does it get offboarded?
We don't give employees unrestricted access. We don't leave accounts active after someone leaves.
But we do both with AI agents. That's where the risk begins. Time to treat AI agents as digital employees, not applications.
https://t.co/AzvC4GvjZ9

0

0

0

0

54

3 months ago

🚨 New threat research: Cato CTRL identified a threat actor selling root shell access to a UK automation company. The real prize wasn’t the root shell, but the CEO’s AI personal assistant based on OpenClaw (packed with sensitive data). https://t.co/yaIMbyI8H2

CatoCTRL's tweet photo. 🚨 New threat research: Cato CTRL identified a threat actor selling root shell access to a UK automation company. The real prize wasn’t the root shell, but the CEO’s AI personal assistant based on OpenClaw (packed with sensitive data). https://t.co/yaIMbyI8H2 https://t.co/0wTEW668Qf

0

0

0

0

107

4 months ago

🚨Cato CTRL threat alert: our MDR team has detected Linux XMRig sample. IOCs URLs: http://37[.]221[.]64[.]235/f/.>_ http://fvbi[.]cc/f/.b0s http://194[.]163[.]133[.]186/f/.>_ Hash: 50ed3ea9a9ac019da42c6d6106780db2ac112fb2cf7500617e3d814e65ceaf89 #XMRig #c2 #Miner #Crypto

CatoCTRL's tweet photo. 🚨Cato CTRL threat alert: our MDR team has detected Linux XMRig sample.
IOCs
URLs:
http://37[.]221[.]64[.]235/f/.>_
http://fvbi[.]cc/f/.b0s
http://194[.]163[.]133[.]186/f/.>_
Hash: 50ed3ea9a9ac019da42c6d6106780db2ac112fb2cf7500617e3d814e65ceaf89
#XMRig #c2 #Miner #Crypto https://t.co/FZlf3mQhdp

0

2

0

0

110

5 months ago

CatoCTRL's tweet photo. https://t.co/8goTC2A5m6

CatoCTRL's tweet photo. https://t.co/8goTC2A5m6

CatoCTRL's tweet photo. https://t.co/8goTC2A5m6

0

0

0

0

225

5 months ago

🚨Cato CTRL threat alert: our MDR team has detected new EvilAI samples. IOCs Domains: myeditorpdf[.]com, docflares[.]com, cleareditpdf[.]com #EvilAI #C2 #ThreatIntel #FakePDF #SparkOnSoft

3

5

2

0

882

5 months ago

Hash: 4896b8eb9b3735ae9b9ad4ad8a0a9e0087bb9ab4dbed0db272d8ad89adcbe193 edcd5b2a5419ae6860ac92ffe0be86ee28857adde13420a7f972dbc0883e7eb3 57b613900bd063ed9b0593478c4dd4612e08ef71b99e30823b037e91029fdec5 9b68061d1fe7f87546215264dc403ca65481a91c4b1b50df144ba561bbb63c2b

1

0

1

0

273

5 months ago

🚨 Cato CTRL threat alert: our MDR team has detected new JSCEAL C2 domains. IOCs Domains: unitedgroupvision[.]com, brightlinenord[.]net More info: https://t.co/AW9qBuYI5H #JSCEAL #C2 #ThreatIntel

CatoCTRL's tweet photo. 🚨 Cato CTRL threat alert: our MDR team has detected new JSCEAL C2 domains.
IOCs
Domains: unitedgroupvision[.]com, brightlinenord[.]net
More info: https://t.co/AW9qBuYI5H
#JSCEAL #C2 #ThreatIntel https://t.co/EPHLIhYvl3

1

5

3

0

733

Last Seen Users on Sotwe

Trends for you

Most Popular Users