Critical Infrastructure Protection & Cybersecurity Blog

Apr 6, 2026 | Critical Network Security

APT37, LNK Files, and the USB Risk in Air-Gapped Environments

Recent intelligence on APT37 emphasized the critical reality that many organizations still treat air-gapped networks as impenetrable, despite evidence to the contrary. When adversaries are denied network-based entry points, they pivot to physical vectors. In industrial, defense, and critical infrastructure environments, that vector is almost always removable media.

Apr 3, 2026

The Axios npm Attack: How a Trusted Package Became a Malware Delivery System

Apr 2, 2026

Zombie ZIP (CVE-2026-0866): How a Malformed Archive Header Is Bypassing 98% of Security Scanners

Apr 2, 2026

Content Disarm & Reconstruction (CDR): 8 Best Vendors in 2026

Apr 2, 2026

Breaking the Attack Chain

Apr 2, 2026

Unsecured File Uploads Are Putting Healthcare Organizations at Risk; Here’s How to Fix It

Apr 2, 2026

EU Cyber Resilience Act (CRA):  A Roadmap to Software Supply Chain and SBOM Compliance

Apr 1, 2026

Concatenated PDFs: A Simple Trick That Confuses Anti-Malware Engines and AI Systems

Mar 30, 2026

OPSWAT Earns Common Criteria EAL4+ Certification for MetaDefender Core™

View All Articles

Mar 25, 2026 | Industry News

From Privilege Escalation to Full Denial of Service: Exploit Chain Across Multiple CVEs in Cisco Catalyst Devices Discovered by OPSWAT Unit 515

Cisco Catalyst switches sit at the heart of enterprise networks, where the management plane is both a high-value target and a single point of operational failure. During proactive research in the OPSWAT Critical Infrastructure Protection (CIP) Lab, OPSWAT Unit 515 identified four vulnerabilities affecting Cisco Catalyst 9300 Series switches.

Mar 25, 2026

Cyber Resilience for Critical Infrastructure Under Australia’s SOCI Act

Mar 19, 2026

CVE-2025-8088 Technical Analysis: WinRAR Arbitrary File Write Through ADS

Mar 18, 2026

AI Platforms Are Not Exempt from Security Risks: Unit 515 Uncovers Multiple Critical-Severity RCE Vulnerabilities in WeKnora

Mar 16, 2026

Your CAF 4.0 Action Plan: Secure Critical Infrastructure and Protect Against Modern Threats

Feb 26, 2026

Technical Analysis of FortiCloud SSO Authentication Bypass: CVE-2025-59718 & CVE-2025-59719

Feb 13, 2026

Change Default Credentials Now: Hard Lessons from the CERT Polska Energy Sector Report

Jan 21, 2026

Critical Apache Tika XXE Vulnerability: 3 Defense Layers Beyond Patching CVE-2025-66516

Jan 14, 2026

CVE-2025-50154: Coerced NTLM Authentication via Windows Explorer Shortcut Processing

View All Articles

Mar 16, 2026 | Cloud Security

OPSWAT’s Enterprise Data Protection Business Thrives as Organizations Prioritize Secure Storage

Increasing file-born risk in burgeoning cloud and on-prem storage drives adoption of MetaDefender Storage Security™

Mar 10, 2026

Salesforce File Upload Security: How to Stop Malware and Malicious Links Before They Compromise Your CRM

Feb 2, 2026

File-Based Malware: A Hidden Compliance Risk for Financial Institutions

Dec 19, 2025

The Update You Can’t Afford to Skip: End of Support for Office 2016 and Office 2019

Oct 15, 2025

Common Cloud Vulnerabilities & Security Risks Explained

Oct 15, 2025

Cloud Vulnerability Management: Process, Best Practices & Benefits

Sep 29, 2025

MetaDefender Cloud Update: A More Intuitive Experience with Clearer Visibility and Sharper Insights

Jul 3, 2025

What is Hybrid Cloud Security?

Jun 4, 2025

Are Your Cloud Files Secure? Here’s How to Protect Them from Growing Threats

View All Articles

Apr 6, 2026 | Critical Network Security

APT37, LNK Files, and the USB Risk in Air-Gapped Environments

Apr 2, 2026

Breaking the Attack Chain

Mar 23, 2026

Following ShadyPanda’s Backdoor, How MetaDefender Endpoint Helps Stop Browser Extension Exploits

Mar 23, 2026

Applications of Data Diodes in National Defense Environments

Mar 19, 2026

Data Diodes in Transfer CDS: Securing High-Assurance Cross-Domain Solutions

Mar 18, 2026

CI Fortify and the Case for Isolation-Ready OT Architecture

Mar 17, 2026

Data Diodes and NERC CIP:  Your Fast Pass to Compliance

Mar 16, 2026

Preventing IT-to-OT Lateral Movement with Data Diodes

Mar 6, 2026

The Future of Data Diodes

View All Articles

Jul 21, 2025 | Email Security

How High Availability and Scalability Make Email Security More Resilient

OPSWAT MetaDefender Email Gateway Security 6.1.0

Feb 3, 2025

Phishing Detection in Real-Time Secures Critical Infrastructure Against Threats

Dec 24, 2024

How to Prevent Phishing Attacks

Oct 8, 2024

Key Insights from the Osterman 2024 State of Email Security Report

Sep 17, 2024

New Study from Osterman Research and OPSWAT Finds 80% of Organizations Experienced an Email-Related Security Breach in the Last Year

Sep 2, 2024

Phishing-as-a-Service is Now a Growing Threat to Financial Institutions

Aug 26, 2024

Stop Phishing Attacks That Target Government Institutions with Multi-Layered Email Security

Jun 24, 2024

What is Quishing? QR Code Phishing Email Security Threats on the Rise

Jun 17, 2024

What is Credential Harvesting? 4 Ways to Protect Your Organization

View All Articles

Jan 22, 2026 | Endpoint Management

How MetaDefender Endpoint™ Supports Your Cyber Essentials Compliance Journey

Over the last six months, malware complexity has jumped by 127%, according to OPSWAT’s 2025 Threat Landscape Report.

Customer Stories

Securing Access to Proprietary Code with My OPSWAT Central Management: A Leading Game Developer’s Story

Nov 27, 2024

Comprehensive Guide to BYOD Security

Oct 18, 2024

Remediating the CVE-2024-0517 Vulnerability in Google Chrome

Oct 10, 2024

Preventing USB-Based Threats

Sep 26, 2024

How to Prevent Ransomware

Sep 26, 2024

Fortifying Endpoint Security for Omnissa Access™ with OPSWAT MetaDefender® IT Access

Sep 4, 2024

WhatsApp Application Bug

Aug 30, 2024

The Security Advantages of OPSWAT MetaDefender Endpoint for Critical Infrastructure

View All Articles

Apr 2, 2026 | File Security

Zombie ZIP (CVE-2026-0866): How a Malformed Archive Header Is Bypassing 98% of Security Scanners

Ask most security teams how they handle incoming ZIP files and you’ll hear the same answer: “We scan them.” What they mean is that their anti-malware or EDR solution reads the archive’s header, extracts the contents, and scans for known threats. The problem is that most scanning engines trust what an archive declares about itself. Attackers have known how to exploit that assumption for years.

Apr 2, 2026

Content Disarm & Reconstruction (CDR): 8 Best Vendors in 2026

Apr 2, 2026

Unsecured File Uploads Are Putting Healthcare Organizations at Risk; Here’s How to Fix It

Apr 1, 2026

Concatenated PDFs: A Simple Trick That Confuses Anti-Malware Engines and AI Systems

Mar 30, 2026

OPSWAT Earns Common Criteria EAL4+ Certification for MetaDefender Core™

Mar 20, 2026

Managed File Transfer Across IT, OT, & DMZ Networks

Mar 20, 2026

Why File Transfers are a Top Malware Entry Point

Mar 12, 2026

AI-Accelerated Software Development Makes File Security the New Front Line of Cyber Defense

Mar 9, 2026

What We Learned from CVE-2026-21509

View All Articles

Aug 8, 2025 | Malware Analysis

Zero-Day Detection: How to Identify and Prevent Attacks

A zero-day vulnerability is a software or hardware flaw unknown to its developer or vendor. With no patch or fix available, attackers can exploit it immediately, meaning there are zero days without prior warning or defense.

Jul 21, 2025

Enhanced Threat Detection in Cybersecurity: AI & Tools Explained

May 23, 2025

MetaDefender Aether 2.3.0: AI-Powered Reverse Engineering, Smarter Threat Detection, and Broader Malware Coverage

Customer Stories

Enhancing File Security: A Financial Institution’s Journey to Advanced Threat Prevention

May 6, 2025

Validated Speed & Security: Venak Security’s AMTSO-Aligned Test Confirms MetaDefender Aether Leadership

May 6, 2025

Phishing in Plain Sight: Why Email Authentication Isn’t Enough Anymore

Feb 6, 2025

MetaDefender Aether 2024 Year-End Review: Transforming Cybersecurity Defense

Dec 13, 2024

The Evolution of Sandboxing: From API Hooking to Hybrid Analysis and Emulation

Customer Stories

Scaling Threat Detection with MetaDefender Aether

View All Articles

Mar 4, 2026 | OEM

OESIS Framework Release Announcement | March 2026

We are thrilled to unveil the latest updates to the OESIS Framework this month. Get ready to supercharge your endpoint protection solutions with expanded support for more products and some new, exciting features.

Feb 9, 2026

OESIS Framework Release Announcement | February 2026

Jan 7, 2026

OESIS Framework Release Announcement | January 2026

Dec 9, 2025

OESIS Framework Release Announcement | December 2025

Nov 10, 2025

OESIS Framework Release Announcement | November 2025

Oct 10, 2025

OESIS Framework Release Announcement | October 2025

Sep 5, 2025

OESIS Framework Release Announcement | September 2025

Aug 11, 2025

OESIS Framework Release Announcement | August 2025

Jul 7, 2025

OESIS Framework Release Announcement | July 2025

View All Articles

Apr 3, 2026 | Supply Chain Security

The Axios npm Attack: How a Trusted Package Became a Malware Delivery System

Npm package hijacking is a software supply chain attack that turns trust in a package into the attack path. Attackers do not need to modify repository code if they can control the account that publishes the package.

Apr 2, 2026