MongoBleed (CVE-2025-14847) Information Leak Vulnerability Exploited in the Wild
Overview: A critical high-severity vulnerability, tracked as CVE-2025-14847 and nicknamed MongoBleed, has been disclosed in MongoDB Server and is already being actively exploited in…
XM Cyber Expands Attack Surface Coverage with Zero-Friction Discovery
An age-old cybersecurity cliché is that “you can’t protect what you can’t see.” But in today’s landscape, what you can’t see isn’t just unprotected,…
Why Continuous Exposure Management is the One Gift Your Team Needs This Holiday Season
The holiday season is one of the most important periods of the year for e-commerce and retail organizations. Adobe estimates that “$253.4 billion will…
Announcing Enhanced EASM Capabilities for Validating End-to-End Risk
Last year, we introduced External Attack Surface Management (EASM) into the XM Continuous Exposure Management (CEM) platform. We knew then that identifying external risks…
JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent
XM Cyber Researcher Hillel Pinto uncovered CVE-2025-34352, a critical vulnerability in the JumpCloud Remote Assist for Windows agent (versions prior to 0.317.0). The flaw allows any low-privileged local user to exploit insecure file operations—arbitrary file write/delete—performed by the agent running as NT AUTHORITY\SYSTEM within the user’s temporary directory.
CRITICAL ALERT: React2Shell CVE-2025-55182 is Under Active Exploitation!
Overview: On December 3, 2025, the security community was alerted to a critical vulnerability in the React Server Components (RSC) ecosystem, now widely referred…
Patching Can’t Save You: How Agentic AI Broke Vulnerability Management
There probably isn’t anything to be said about AI that hasn’t been said. One thing is certain, though: if the cyber threat landscape wasn’t…
How to Accelerate Zero Trust with Exposure Management
I recently delivered a webinar on Zero Trust and how to make that journey more efficient with Exposure Management. I expected a typical session,…
Challenge Accepted! XM Cyber Named a Challenger in the 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms
The word is out! We are thrilled to announce that XM Cyber has been named a Challenger in the 2025 Gartner® Magic Quadrant™ for…
How to Build a Continuous Exposure Management Plan from Scratch
Most security leaders I’ve worked with completely get the theory of exposure management. The challenge lies in turning that theory into practice. Many EM…
From Alerts to Action: Streamlining Remediation Operations with Continuous Exposure Management
Security teams face an unprecedented challenge: attackers are moving faster than ever before, and the proliferation of openly available AI-powered attack tools has democratized advanced…
Flipping the Script: Seeing Risk the Way Attackers Do
As someone coming from an application security background, stepping into the world of Exposure Management has been both exciting and a bit overwhelming. Since…