Blog

Seeing Through the Eyes of An Attacker: Validating Exposures from External Breach Points to Internal Critical Assets

To catch a criminal, you need to think like a criminal. This is not a new concept, and it’s one…

Blog

Beyond the Patch – Why Frost & Sullivan Named Us Leader for the 2nd Time in a Row in ASV

It’s well known that security teams are often drowning in alerts. And considering that 74% of identified exposures are actually…

Blog

Microsoft Office
Zero-Day Vulnerability, CVE-2026-21509, Under Active Exploitation

Overview On January 26, 2026, Microsoft issued emergency out-of-band security patches for a high-severity security feature bypass vulnerability in Microsoft…

Blog

The Practical Path to Fixing What Matters: XM Cyber’s 2025 Milestones and What They Mean for You

The cybersecurity industry has been driven by volume for years. More alerts, more scanners, and more “critical” vulnerabilities to patch.…

Blog

Four Real-Life Financial Service Attacks Paths and How we Blocked Them

Back in the wild west, there was this guy, Willie Sutton. Willie’s chosen profession wasn’t the town dentist-barber or saloon…

Blog

Double Agent: Service Agent Privilege Escalation in Google Vertex AI

While analyzing Google’s Vertex AI, we discovered two distinct attack vectors, specifically in Ray on Vertex AI and the Vertex…

Blog

Exposure Management in Finance: A Proactive Approach to Cyber Resilience

The financial sector is perhaps the most cyber-targeted industry on the planet. It’s no secret why: financial institutions manage the…

Blog

Patching Can’t Save You: How Agentic AI Broke Vulnerability Management

There probably isn’t anything to be said about AI that hasn’t been said. One thing is certain, though: if the…

Blog

2026, The Year Validation Wins Over Speculation

Overview As I look back at 2025, one thing that’s clear is that folks are starting to come around to…

Blog

MongoBleed (CVE-2025-14847) Information Leak Vulnerability Exploited in the Wild

Overview A critical high-severity vulnerability, tracked as CVE-2025-14847 and nicknamed MongoBleed, has been disclosed in MongoDB Server and is already…

Blog

XM Cyber Expands Attack Surface Coverage with Zero-Friction Discovery

An age-old cybersecurity cliché is that “you can’t protect what you can’t see.” But in today’s landscape, what you can’t…

Blog

Why Continuous Exposure Management is the One Gift Your Team Needs This Holiday Season

The Holiday season is one of the most important periods of the year for e-commerce and retail organizations. Adobe estimates…

Blog

Request a demo

See what attackers see, so you can stop them from doing what attackers do.

Platform

Company

Partners

Services

Resources

Privacy Policy