Blog

Beyond the Patch – Why Frost & Sullivan Named Us Leader for the 2nd Time in a Row in ASV

It’s well known that security teams are often drowning in alerts. And considering that 74% of identified exposures are actually…

Microsoft Office Zero-Day Vulnerability, CVE-2026-21509, Under Active Exploitation

Overview On January 26, 2026, Microsoft issued emergency out-of-band security patches for a high-severity security feature bypass vulnerability in Microsoft…

The Practical Path to Fixing What Matters: XM Cyber’s 2025 Milestones and What They Mean for You

The cybersecurity industry has been driven by volume for years. More alerts, more scanners, and more “critical” vulnerabilities to patch.…

Double Agent: Service Agent Privilege Escalation in Google Vertex AI

While analyzing Google’s Vertex AI, we discovered two distinct attack vectors, specifically in Ray on Vertex AI and the Vertex…

2026, The Year Validation Wins Over Speculation

Overview As I look back at 2025, one thing that’s clear is that folks are starting to come around to…

MongoBleed (CVE-2025-14847) Information Leak Vulnerability Exploited in the Wild

Overview A critical high-severity vulnerability, tracked as CVE-2025-14847 and nicknamed MongoBleed, has been disclosed in MongoDB Server and is already…

XM Cyber Expands Attack Surface Coverage with Zero-Friction Discovery

An age-old cybersecurity cliché is that “you can’t protect what you can’t see.” But in today’s landscape, what you can’t…

Why Continuous Exposure Management is the One Gift Your Team Needs This Holiday Season

The Holiday season is one of the most important periods of the year for e-commerce and retail organizations. Adobe estimates…

Announcing Enhanced EASM Capabilities for Validating End-to-End Risk

Last year, we introduced External Attack Surface Management (EASM) into the XM Continuous Exposure Management (CEM) platform. We knew then…

JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent

XM Cyber Researcher Hillel Pinto uncovered CVE-2025-34352, a critical vulnerability in the JumpCloud Remote Assist for Windows agent (versions prior…

CRITICAL ALERT: React2Shell CVE-2025-55182 is Under Active Exploitation!

Overview On December 3, 2025, the security community was alerted to a critical vulnerability in the React Server Components (RSC)…

Patching Can’t Save You: How Agentic AI Broke Vulnerability Management

There probably isn’t anything to be said about AI that hasn’t been said. One thing is certain, though: if the…