Insights

Investment provides growth capital and operational resources to accelerate IT and OT cybersecurity services and technology - while preserving leadership continuity and client experience. Atlanta, GA - March 4, 2026 - Today, Critical Path Security ("CPS") and Léargas Security announced a strategic growth investment from Shoals Growth, a technology services investment fund focused on cybersecurity. The investment strengthens CPS and Léargas' ability to invest in people, capabilities, and product innovation - while keeping day-to-day operations and client engagements unchanged. CPS and Léargas will continue operating under their respective brands, with the same teams and the same commitment to responsive, outcome-driven security for clients across both IT and OT environments. Leadership As part of this next chapter, LJ Campbell will join CPS and Léargas as Chief Executive Officer. Campbell brings deep industry experience from his time at Bain & Company and Booz Allen Hamilton's commercial cyber risk practice, with work spanning…

Critical Path Security is expanding its managed security capabilities to include ScubaGoggles configuration testing for our MSOC and XDR customers. As organizations continue to rely heavily on cloud collaboration platforms, configuration risk has become one of the most common and most exploitable security gaps. Misconfigurations in SaaS environments routinely undermine otherwise strong endpoint, network, and identity controls. Addressing this risk requires structured, repeatable assessment aligned to authoritative baselines. ScubaGoggles provides that framework. What Is ScubaGoggles Cybersecurity and Infrastructure Security Agency (CISA) developed ScubaGoggles as part of its Secure Cloud Business Applications initiative. The tool is designed to assess Google Workspace tenant configurations against CISA-published secure configuration baselines. ScubaGoggles evaluates tenant settings, applies policy validation through Open Policy Agent rules, and generates structured reports identifying deviations from recommended security controls. The result is a repeatable and defensible configuration review aligned to federal guidance and industry best practices. Why Configuration Assessment Matters…

The intersection of kinetic warfare and keyboard-driven operations has never been more visible. Following the joint U.S. and Israeli military strikes against Iranian nuclear and military assets on February 28, 2026, the Canadian Centre for Cyber Security (CCCS) has issued a critical threat bulletin. At Critical Path Security, we've always maintained that layered defence isn't a buzzword-it's a survival requirement. As geopolitical tensions boil over into the digital domain, Iranian state-sponsored actors are pivoting from standard espionage to disruptive and destructive operations. Here is what the current threat landscape looks like and, more importantly, what your team should be doing about it. The Threat Profile: Beyond Simple Phishing The CCCS identifies four primary ways Iran is likely to respond. While information operations and harassment are common, the real risk to our clients lies in the targeting of critical infrastructure and poorly secured IoT/ICS devices. Iranian actors (including IRGC-affiliated groups) typically…

What Security Teams Need to Know In a significant and ongoing cyber-espionage campaign, a sophisticated threat actor has been exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines since at least mid-2024. The vulnerability - tracked as CVE-2026-22769 and carrying a CVSSv3.1 score of 10.0 (Critical) - has enabled remote unauthenticated access, root-level persistence, lateral movement, and deployment of custom malware across compromised enterprise environments. This post breaks down the technical details, adversary activity, enterprise impact, and immediate defensive actions organizations should take. What Is CVE-2026-22769? CVE-2026-22769 is a critical vulnerability in Dell RecoverPoint for Virtual Machines (RP4VM) versions prior to 6.0.3.1 HF1. The root cause is the presence of hard-coded credentials within the appliance's Apache Tomcat Manager configuration. An attacker with knowledge of these credentials can authenticate remotely without valid user input, effectively bypassing standard authentication controls. Successful exploitation enables: Unauthenticated remote access Root-level command execution Installation…