Blog

Announcing Enhanced EASM Capabilities for Validating End-to-End Risk

Last year, we introduced External Attack Surface Management (EASM) into the XM Continuous Exposure Management (CEM) platform. We knew then…

Blog

JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent

XM Cyber Researcher Hillel Pinto uncovered CVE-2025-34352, a critical vulnerability in the JumpCloud Remote Assist for Windows agent (versions prior…

Blog

CRITICAL ALERT: React2Shell CVE-2025-55182 is Under Active Exploitation!

Overview On December 3, 2025, the security community was alerted to a critical vulnerability in the React Server Components (RSC)…

Blog

Patching Can’t Save You: How Agentic AI Broke Vulnerability Management

There probably isn’t anything to be said about AI that hasn’t been said. One thing is certain, though: if the…

Blog

How to Accelerate Zero Trust with Exposure Management

I recently delivered a webinar on Zero Trust and how to make that journey more efficient with Exposure Management. I…

Blog

Challenge Accepted!
XM Cyber Named a Challenger in the 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms

The word is out! We are thrilled to announce that XM Cyber has been named a Challenger in the 2025…

Blog

How to Build a Continuous Exposure Management Plan from Scratch

Most security leaders I’ve worked with completely get the theory of exposure management. The challenge lies in turning that theory…

Blog

From Alerts to Action: Streamlining Remediation Operations with Continuous Exposure Management

Security teams face an unprecedented challenge; Attackers are moving faster than ever before, and the proliferation of openly-available AI-powered attack…

Blog

Flipping the Script: Seeing Risk the Way Attackers Do

As someone coming from an application security background, stepping into the world of Exposure Management has been both exciting and…

Blog

Windows Server Update Service (WSUS) Critical Vulnerability: CVE-2025-59287 Under Active Exploitation

Overview Microsoft has disclosed a critical remote code execution (RCE) vulnerability in Windows Server Update Service (WSUS), tracked as CVE-2025-59287.…

Blog

Cracking the Boardroom Code: A New Path for CISOs

CISOs dedicate entire careers to mastering security. With a skill set expertly tuned to spotting threats, building defenses, and maintaining…

Blog

CRITICAL ALERT: Oracle E-Business Suite Zero-Day Vulnerability, CVE-2025-61882, Under Active Exploitation!

Overview Oracle has just disclosed that a critical zero-day vulnerability, tracked as CVE-2025-61882, has been identified in Oracle E-Business Suite…

Blog

Request a demo

See what attackers see, so you can stop them from doing what attackers do.

Platform

Company

Partners

Services

Resources

Privacy Policy