
Author: Cathy Gaphty

Cathy is a cybersecurity-focused technical writer who turns complex security concepts into clear, usable content for practitioners and decision-makers. She partners with security engineers, analysts, and product teams to create architecture guides, API references, runbooks, and user documentation for the Léargas Security platform and its integrated systems. Her work supports incident response, threat detection, and compliance initiatives aligned to frameworks such as NIST CSF and ISO 27001. Cathy favors a docs-as-code approach with Git and Markdown, validating steps in lab environments to ensure accuracy down to commands and configurations. Known for crisp, audience-specific writing and meticulous reviews, she bridges the gap between security theory and day-to-day operations.

October 2025 Fortinet and Ivanti Security Patches: Timely, High‑Severity Fixes and Guidance

As of October 15, 2025, enterprise operators of Fortinet and Ivanti platforms should immediately review and apply October 2025 security patches and advisories. Fortinet published multiple PSIRTs, including issues in FortiOS/FortiProxy ZTNA, FortiOS CLI controls on specific appliances, FortiIsolator authentication/session handling, FortiClientMac LaunchDaemon permissions, and weak authentication affecting FortiPAM and FortiSwitchManager. Patches and fixed versions are available per PSIRT/NVD.

Red Hat Consulting GitLab Breach: What Was Taken, Who’s at Risk, and What to Do Now

Red Hat disclosed on October 2, 2025 that a third party accessed a GitLab instance used for internal collaboration by Red Hat Consulting in select engagements; Red Hat removed access, isolated the instance, involved authorities, and is continuing the investigation. The company emphasized the incident is confined specifically to that Consulting GitLab environment [1][2] (redhat.com). Who claims what: A group calling itself Crimson Collective

Why OT Operators Must Have a Living, Accurate Inventory — and How Leargas Can Help

In August 2025, a coalition of cybersecurity agencies from the U.S., Canada, Australia, New Zealand, the Netherlands, Germany—and later joined by the U.K.—issued new guidance calling on OT/ICS operators to develop and maintain a definitive, continually updated system inventory. This isn’t just bureaucratic advice. It addresses a core pain point: if you don’t reliably know what’s in your environment and how it connects, you

CISA ED 25‑03 Cisco ASA: Emergency Zero‑Day Mitigation, Detection, and ROMMON Persistence Guidance

As of September 26, 2025, CISA’s ED 25‑03 mandates immediate action to identify and mitigate potential compromise of Cisco ASA and Firepower devices amid an active campaign chaining CVE‑2025‑20362 (missing authorization) with CVE‑2025‑20333 (RCE). Cisco also disclosed CVE‑2025‑20363 (web services RCE) across ASA/FTD and IOS families. Patching is available. CISA set aggressive deadlines: core dump submissions and urgent upgrades by September 26, 2025, and

MySonicWall Breach: Firewall Config Backups Exposed — Reset Passwords Now

As of September 18, 2025, SonicWall advises impacted customers to perform a MySonicWall breach password reset and rotate other secrets after threat actors accessed some cloud‑stored firewall configuration backups. SonicWall reports fewer than 5% of firewalls had backup preference files accessed; credentials in those files were encrypted; no leak evidence is known and this was not a ransomware event, but brute-force activity against the

Shai‑Hulud npm worm: self‑replicating supply chain attack, secret theft, and repo exposure

As of September 18, 2025, organizations that build or run JavaScript software face a high‑risk supply chain incident: the Shai‑Hulud npm worm is actively compromising maintainer accounts, inserting a malicious postinstall bundle.js into popular packages, harvesting tokens and secrets, and mass‑migrating private GitHub repositories to public. Evidence shows large‑scale propagation and data exposure; no CVE/KEV entry applies because this is a campaign, not a

Supporting the Mental Health of Cybersecurity Professionals

Last week, our founder Patrick Kelley had the privilege of presenting on a topic often overlooked in our industry: the mental health challenges facing cybersecurity professionals. The presentation, now featured by the EMC cooperative group (NRECA), highlighted the relentless stress, burnout, and emotional toll that defending critical infrastructure can bring. We talked about how protecting the grid goes beyond patching vulnerabilities and watching alerts;

FERC’s New Visibility Mandate: What CIP-015-1 Means for Critical Infrastructure

On June 20, 2025, the Federal Energy Regulatory Commission (FERC) finalized a new cybersecurity requirement that could fundamentally change how electric utilities defend their operational technology networks. This new standard—known as CIP-015-1—introduces a mandatory requirement for Internal Network Security Monitoring (INSM). And it’s not a suggestion—it’s a shift in the way we approach security inside critical systems. At Léargas Security, we view this as

Ryan Vargas Podium Finish: Léargas Proud to Support #28 in NASCAR NA Series

The Ryan Vargas podium finish this weekend delivered a clear message. He is fast, focused, and ready to contend. Driving the #28 Dodge Challenger in the NASCAR North America Series, Ryan turned pressure into performance. As an associate sponsor, Léargas Security is proud to stand with him as he builds momentum. A Sudden Pit Road Incident The day began with an unexpected challenge. After

AI-Powered OT Threat Detection in Léargas XDR for ICS Security

What’s New? The latest release of the Léargas XDR platform introduces enhanced detection and analysis functionality that fuses Zeek protocol visibility, ICS-specific threat patterns, and AI-driven reasoning powered by our internal Multi-modal Command Processor (MCP). AI Meets ICS Threat Intelligence Our platform now integrates with known ICS/OT threat datasets, specifically aligned to real-world attacks cataloged under frameworks like MITRE ATT&CK for ICS. By incorporating

Speaking at GTBA 2025: Ransomware Threats in Telecom and Broadband

We’re pleased to share that Patrick Kelley, CEO of Critical Path Security and Léargas Security, will be speaking at the 2025 GTBA Annual Meeting of the Membership, hosted by the Georgia Rural Telephone and Broadband Association. 📍 Location: Hammock Beach, Daytona Beach, FL 📅 Dates: June 15–19, 2025 🗣 Topic: Ransomware in Telecom and Broadband: Real-World Impact and Response Strategies Why This Talk Matters

Speaking at GridSecCon 2025: Mental Health in Cybersecurity and the Maslach Burnout Inventory

We’re proud to announce that Patrick Kelley, CEO of Critical Path Security and Léargas Security, will be speaking once again at GridSecCon 2025. His breakout session, titled “Mental Health in Cybersecurity: Leveraging the Maslach Burnout Inventory,” will take place on October 8, 2025, from 3:00 PM to 4:00 PM PT. Why This Talk Matters Cybersecurity is more than threat detection and response—it’s a high-pressure