Blog

Four Real-Life Financial Service Attacks Paths and How we Blocked Them

Back in the wild west, there was this guy, Willie Sutton. Willie’s chosen profession wasn’t the town dentist-barber or saloon…
Blog

Double Agent: Service Agent Privilege Escalation in Google Vertex AI

While analyzing Google’s Vertex AI, we discovered two distinct attack vectors, specifically in Ray on Vertex AI and the Vertex…
Blog

Exposure Management in Finance: A Proactive Approach to Cyber Resilience

The financial sector is perhaps the most cyber-targeted industry on the planet. It’s no secret why: financial institutions manage the…
Blog

2026, The Year Validation Wins Over Speculation

Overview As I look back at 2025, one thing that’s clear is that folks are starting to come around to…
Blog

MongoBleed (CVE-2025-14847) Information Leak Vulnerability Exploited in the Wild

Overview A critical high-severity vulnerability, tracked as CVE-2025-14847 and nicknamed MongoBleed, has been disclosed in MongoDB Server and is already…
Blog

XM Cyber Expands Attack Surface Coverage with Zero-Friction Discovery

An age-old cybersecurity cliché is that “you can’t protect what you can’t see.” But in today’s landscape, what you can’t…
Blog

Announcing Enhanced EASM Capabilities for Validating End-to-End Risk

Last year, we introduced External Attack Surface Management (EASM) into the XM Continuous Exposure Management (CEM) platform. We knew then…
Blog

Why Continuous Exposure Management is the One Gift Your Team Needs This Holiday Season

The Holiday season is one of the most important periods of the year for e-commerce and retail organizations. Adobe estimates…
Blog

JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) in JumpCloud Agent

XM Cyber Researcher Hillel Pinto uncovered CVE-2025-34352, a critical vulnerability in the JumpCloud Remote Assist for Windows agent (versions prior…
Blog

CRITICAL ALERT: React2Shell CVE-2025-55182 is Under Active Exploitation!

Overview On December 3, 2025, the security community was alerted to a critical vulnerability in the React Server Components (RSC)…
Blog

Patching Can’t Save You: How Agentic AI Broke Vulnerability Management

There probably isn’t anything to be said about AI that hasn’t been said. One thing is certain, though: if the…
Blog

How to Accelerate Zero Trust with Exposure Management

I recently delivered a webinar on Zero Trust and how to make that journey more efficient with Exposure Management. I…
Blog
1 2 3 4 5 31

See XM Cyber In Action