Product Updates - May 25, 2026

New Features & Enhancements

  • Upgraded CMA Admin Experience: To improve admin efficiency by focusing on the pages most relevant to you, we are upgrading the Cato Management Application (CMA) admin experience:
    • New Filter by Use Case: Only show the CMA pages relevant to your use case
    • Left Navigation: The navigation menu is located on the left side of the CMA instead of the top bar
      • No change to RBAC or page links
    • Navigation Toggle: Enable the toggle to switch to the upgraded experience
      • The toggle is off by default for a limited time
  • Enterprise Browser v1.1.0.50: During the week of May 24, 2026, Enterprise Browser version 1.1.0.50 will be available. This version contains:
    • Enforces Always-On when browsing to ensure that all of your browsing is secure and complies with company policies
    • Dedicated support page to view connection information and collect logs
    • Added support for all media codecs
    • Upgrade to Chromium v148.0.7778.56
  • Zoom Disconnection Events: For faster troubleshooting of Zoom connectivity, the Experience Monitoring drill-down pages provide visibility into Zoom meeting disconnection events to help correlate them with issues in the network path.
    • The events are also available in the Events page
    • The event shows reasons for disconnection
    • Requires a DEM license and Zoom connector configured with the dashboard_meetings:read:admin scope enabled
  • Applications Dashboard Displays Sankey Diagram: For increased visibility of how SaaS applications are used in your network, the Applications Dashboard includes a Sankey diagram to visualize application usage flow in your network.
    • Requires a CASB license
  • Support for DTS SSO and User Provisioning: We added DTS as a provider for SSO authentication for end users and admins, as well as user provisioning with SCIM.
  • Support for OneWelcome SSO for CMA Admins: We added OneWelcome as a provider for SSO authentication for admins accessing the CMA.
  • Detailed Visibility of Interconnected Apps - Support for GitHub: View detailed information about third-party apps and plugins connected to GitHub. This visibility helps you understand which external apps are used in your environment and how they interact with core services.
    • View the Plugins option in the Security > Applications page on the Inventory tab
    • Requires a CASB license
  • XOps Stories for Cloud App Activities: XOps includes coverage for App Activities with new stories that alert on anomalous and risky behavior across widely-used SaaS apps.
    • Producer Type is Generic Incident and Producer Name is the app name
    • Supported for GitHub, Microsoft 365, Slack, and Google Workspace
    • Requires XOps and CASB licenses and configuration of App Activities connectors
  • XOps Stories for Microsoft Email Security Alerts: XOps generates stories for Microsoft Defender for Office 365 alerts for emails, including phishing, malware, and other signals. The stories are enriched with Cato identity, network, and endpoint context.
    • Stories are generated by the Microsoft Email Security producer
    • Requires XOps license
    • Requires Microsoft Defender for Office 365 connector
  • Enhanced Defender for Endpoint XOps Stories: Defender stories are now aggregated based on Defender incidents and their related alerts, with support for multiple entities per incident. You can also update Defender incidents directly from Cato XOps to streamline investigation and response workflows.
    • Requires XOps license
    • Updating Defender incidents requires editing the connector with write permissions

PoP Announcements

  • The following PoP locations are now available:
    • Anchorage, US: 199.27.49.0/24
    • Lisbon, PT: 159.117.242.0/24
  • The following range is now available:
    • Madrid, ES: 216.252.188.0/24
  • The following localized range is now available:
    • Pakistan: 113.30.129.160/27 (serviced through Dubai)
  • The following ranges will soon be available:
    • Los Angeles, US: 199.27.53.0/24
    • Tokyo, JP: 113.30.138.0/24

Security Updates

  • Apps Catalog

    View more details about apps in the Apps Catalog.

    • New Apps: 7 new apps: Adobe Updater, Amazon DRS / MGN Services, Brain.fm: Focus & Sleep Music, Dune, Hermes Agent, SiliconExpert, TiFlux
    • Enhanced Apps:
      • Cato Management Application
        • Updated app domains
      • Cato Networks
        • Added domains aim.security, catonetworks.club, hakasecurity.com
      • Comcast Corporation
        • Added domain comcast.net
      • Extremereach
        • Added domain extremereach.io
      • Infomaniak Network Sa
        • Added domain swisstransfer.com
      • Microsoft Copilot
        • Added domain copilotstudio.preview.microsoft.com
      • Mist
        • Added domain mistsys.net
      • Qiita
        • Updated app domains
      • Skilljar
        • Added domain sj-cdn.net
      • Telegram Voice and Video Call
        • Application is now available in Application Control rules
      • Vicarius
        • Added domain vicarius-cdn.com
    • Socket apps, from Socket v25:
      • Added 1 app
        • Adobe Updater supported for domains based
      • Modified 1 app
        • Microsoft Defender For Endpoint - added support for domains based
  • IPS Signatures

    View more details about the IPS signatures and protections in the Threats Catalog.

    • CVE-2026-1340 (New)
    • CVE-2026-20079 (New)
    • CVE-2026-42281 (Enhancement)
    • Malware - Havoc C2 (New)

    • LAN IPS signatures:
      • CVE-2007-3010 (New)
      • CVE-2014-0130 (New)
      • CVE-2014-6287 (New)
      • CVE-2015-2974 (New)
      • CVE-2016-0752 (New)
      • CVE-2017-17562 (New)
      • CVE-2017-6327 (New)
      • CVE-2017-7615 (New)
      • CVE-2017-7921 (New)
      • CVE-2018-1000861 (New)
      • CVE-2018-11759 (New)
      • CVE-2018-1207 (New)
      • CVE-2019-11043 (New)
      • CVE-2019-12314 (New)
      • CVE-2019-12725 (New)
      • CVE-2019-13635 (New)
      • CVE-2019-19781 (New)
      • CVE-2019-5127 (New)
      • CVE-2019-7256 (New)
      • CVE-2020-0688 (New)
      • CVE-2020-10580 (New)
      • CVE-2020-11978 (New)
      • CVE-2020-14864 (New)
      • CVE-2020-15148 (New)
      • CVE-2020-17523 (New)
      • CVE-2020-25078 (New)
      • CVE-2020-25506 (New)
      • CVE-2020-25858 (New)
      • CVE-2020-28648 (New)
      • CVE-2020-29166 (New)
      • CVE-2020-29557 (New)
      • CVE-2020-3161 (New)
      • CVE-2020-35476 (New)
      • CVE-2020-36289 (New)
      • CVE-2020-8163 (New)
      • CVE-2020-8193 (New)
      • CVE-2020-8218 (New)
      • CVE-2020-9315 (New)
      • CVE-2020-9496 (New)
      • CVE-2021-20090 (New)
      • CVE-2021-21402 (New)
      • CVE-2021-22873 (New)
      • CVE-2021-25294 (New)
      • CVE-2021-26085 (New)
      • CVE-2021-26827 (New)
      • CVE-2021-28149 (New)
      • CVE-2021-28169 (New)
      • CVE-2021-29442 (New)
      • CVE-2021-3019 (New)
      • CVE-2021-31805 (New)
      • CVE-2021-33503 (New)
      • CVE-2021-3374 (New)
      • CVE-2021-34429 (New)
      • CVE-2021-34467 (New)
      • CVE-2021-35395 (New)
      • CVE-2021-39226 (New)
      • CVE-2021-40378 (New)
      • CVE-2021-41773 (New)
      • CVE-2021-43798 (New)
      • CVE-2021-44077 (New)
      • CVE-2021-44228 (New)
      • CVE-2021-45046 (New)
      • CVE-2021-45105 (New)
      • CVE-2021-45456 (New)
      • CVE-2022-21371 (New)
      • CVE-2022-21907 (New)
      • CVE-2022-22956 (New)
      • CVE-2022-24218 (New)
      • CVE-2022-25077 (New)
      • CVE-2022-27043 (New)
      • CVE-2022-27226 (New)
      • CVE-2022-27924 (New)
      • CVE-2022-29499 (New)
      • CVE-2022-29775 (New)
      • CVE-2022-31268 (New)
      • CVE-2022-31499 (New)
      • CVE-2022-32417 (New)
      • CVE-2022-33891 (New)
      • CVE-2022-33980 (New)
      • CVE-2022-36534 (New)
      • CVE-2022-37299 (New)
      • CVE-2022-41082 (New)
      • CVE-2022-44356 (New)
      • CVE-2023-22047 (New)
      • CVE-2023-22515 (New)
      • CVE-2023-2766 (New)
      • CVE-2023-27997 (New)
      • CVE-2023-28432 (New)
      • CVE-2023-29298 (New)
      • CVE-2023-32315 (New)
      • CVE-2023-35078 (New)
      • CVE-2023-35082 (New)
      • CVE-2023-39143 (New)
      • CVE-2023-39677 (New)
      • CVE-2023-4168 (New)
      • CVE-2023-42793 (New)
      • CVE-2023-43261 (New)
      • CVE-2023-46731 (New)
      • CVE-2023-46805 (New)
      • CVE-2023-48365 (New)
      • CVE-2023-49103 (New)
      • CVE-2023-49785 (New)
      • CVE-2023-50358 (New)
      • CVE-2023-6021 (New)
      • CVE-2024-10486 (New)
      • CVE-2024-10914 (New)
      • CVE-2024-21136 (New)
      • CVE-2024-21887 (New)
      • CVE-2024-2448 (New)
      • CVE-2024-24824 (New)
      • CVE-2024-28000 (New)
      • CVE-2024-29895 (New)
      • CVE-2024-32238 (New)
      • CVE-2024-3272 (New)
      • CVE-2024-3273 (New)
      • CVE-2024-36404 (New)
      • CVE-2024-36991 (New)
      • CVE-2024-38475 (New)
      • CVE-2024-41585 (New)
      • CVE-2024-45195 (New)
      • CVE-2024-45216 (New)
      • CVE-2024-51567 (New)
      • CVE-2024-56145 (New)
      • CVE-2024-56325 (New)
      • CVE-2024-57046 (New)
      • CVE-2024-57727 (New)
      • CVE-2024-5910 (New)
      • CVE-2024-6235 (New)
      • CVE-2025-0108 (New)
      • CVE-2025-31324 (New)
      • CVE-2025-4632 (New)
  • XDR Indications of Attack
    • Anomaly Detection
      • Unusual File Renaming Activity (New)
    • Threat Prevention
      • Multiple Blocked Upload Attempts
      • Repeated DLP Violations
  • Device Inventory

    These are the updates to the Device Inventory detection engine:

    • NETWORKING
      • Network Appliance
        • Aruba (New)
  • Application Control Via API and Data Protection API Integrations

    These enhancements were made for Application Control Via API:

    • Google Apps | Anomalies
      • Google Apps | Anomalies (Enhancement)
    • Microsoft General | Activity
      • Microsoft General | Activity (Enhancement) - Added detection of external Teams communications via cross-tenant participant data; expanded event coverage to include ChatCreated and CallParticipantDetail events; improved collaborator name resolution to prefer display names over email addresses; remapped DLP endpoint FileCreated events to file_sharing.create.
    • Slack | Anomalies
      • Slack | Anomalies (Enhancement)
    • Zoom | Experience
      • Zoom | Experience (Enhancement) - Added new UCAAS Disconnection event type that surfaces non-benign participant disconnection events (network errors, client crashes, time-limit expiry) as dedicated disconnection events.

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
