New Features & Enhancements
Enhanced Admin Experience for Managing the Always-On Policy at Scale: We improved management of the Always-On Policy with the following features:
Ability to modify the policy in parallel by multiple admins
A faster and more responsive page for policies with many rules
Public API support will be available soon
New Release for iOS Client v5.6: Starting the week of July 21, 2025, a new Client version 5.6 for iOS will be available for download in the App Store. This version includes:
Support for Internet recovery when a connection to Cato can’t be established
Previously, this was only supported for Windows and macOS Clients
Support for users to control temporarily bypassing Always-On
Previously, this was only supported for Windows and macOS Clients
Security update: Client embedded browser upgraded to Chromium version 135.0.220
Performance enhancements and bug fixes
Click here to watch a video recording of this feature
Improved Management of IoC Lists using Containers: To provide increased granularity, flexibility, and control of threat intelligence data, you can make the following updates to Containers (Resources > Categories > Containers):
Add or remove individual IoCs within a Container
Create new Containers without uploading a file
View and search IoCs within a Container
Click here to watch a video recording of this feature
CMA Notifications for Shipping Page: The Shipping page lets you manage hardware shipments more efficiently, including: enter and validate shipping addresses, and import/export CSV files. Now you can also receive CMA notifications when shipping details are missing for hardware orders.
The Hardware and Shipping notifications are enabled by default, you can manage them in the Account > System Notifications page
PoP Announcements
Oslo, NO: A new Cato PoP is now available in Oslo with the IP range 85.255.22.0/24
Security Updates
IPS Signatures:
View more details about the IPS signatures and protections in the Threats Catalog:
CVE-2017-7921 | Hikvision IP Camera Authentication Bypass
Darkness Ransomware (Enhancement)
Ziver Ransomware (Enhancement)
Sinobi Ransomware (Enhancement)
BlackFL Ransomware (Enhancement)
Blocker Ransomware (Enhancement)
Kyj Ransomware (Enhancement)
Vatican Ransomware (Enhancement)
Blackransombdbot Ransomware (Enhancement)
KaWaLocker Ransomware (Enhancement)
UraLocker Ransomware (Enhancement)
THRSX Ransomware (Enhancement)
Dire Wolf Ransomware (Enhancement)
DELTA Ransomware (Enhancement)
AMERILIFE Ransomware (Enhancement)
DataLeak Ransomware (Enhancement)
Puld Ransomware (Enhancement)
Backups Ransomware (Enhancement)
ZV Ransomware (Enhancement)
SafeLocker Ransomware (Enhancement)
NightSpire Ransomware (Enhancement)
BlackHeart (MedusaLocker) Ransomware
EnCiPhErEd Ransomware (Enhancement)
Pgp Ransomware (Enhancement)
Harma Ransomware (Enhancement)
CVE-2025-34085 (New)
CVE-2019-18211 (New)
CVE-2025-32813 (New)
CVE-2025-5777 (Enhancement)
CVE-2025-33071 (New)
CVE-2025-33070 (New)
CVE-2025-33053 (New)
CVE-2025-32756 (New)
CVE-2022-44356 (New)
CVE-2025-5777 (New)
Fake Captcha Detection (Enhancement)
Suspicious Activity Monitoring:
These protections were added to the SAM service:
Access Executable on External WebDAV Server
Utilizing ADWS to Gain Domain Information, Associated with SoapHound
Apps Catalog
New Cloud Apps (see Apps Catalog), including:
Kandji (Enhancement)
Japanese apps (New)
datart (New)
gen ai apps (New)
ultraviewer (New)
WhatsApp (Enhancement)
XDR Indications Of Attack Signatures:
Anomaly Detection:
Abnormal Suspicious Activity
Abnormal ICMP Network Scanning Activity
Application Control (CASB and File Control):
Application Control:
Granular App: Adobe Creative Cloud - Login (New)
Granular App: Adobe Creative Cloud – Upload (new)
Device Inventory:
These are the updates to the Device Inventory detection engine:
Generic Server (Enhancement)
Unidentified IoT (Enhancement)
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.