Blog

The XM Cyber 2022 Attack Path Management Impact Report
Michael Greenberg | April 26, 2022

The industry’s first annual attack path management research report is here! The XM Cyber research team analyzed nearly 2 million entities to bring insights…

5 Ways to Make Attack Path Management More Manageable
Shay Siksik | April 20, 2022

Effective cybersecurity can be distilled to a single idea: Protect your most business critical assets. Protecting your most critical assets, in turn, can be…

XM Cyber Advisory – Spring4Shell, Zero Day
Zur Ulianitzky; Ilay Grossman | March 31, 2022

Overview On March 30, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…

New Privilege Escalation Techniques are Compromising your Google Cloud Platform
Idan Strovinsky, Zur Ulianitzky | March 27, 2022

In this research you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits…

See All Ways: How to Overcome the Big Disconnect in Cybersecurity
Sharron Malaver | March 14, 2022

Today’s reality in cybersecurity is that, with the right combination of tools, you may be able to see all kinds of misconfigurations … and…

10 ways to gain control over Azure function app sites
Zur Ulianitzky and Bill Ben Haim | March 06, 2022

  Pen-testers! Red-teamers! We’ve prepared a bucket of new Azure techniques, specifically about Azure function app sites. In this blog, we’ll show you new…

Choosing Attack Path Management Over Security Control Validation When Shopping for Breach & Attack Simulation
Menachem Shafran | March 06, 2022

Breach and Attack Simulation is gaining lots of hype today. Yet simulating attacks can mean many different things and serve many different use cases….

Go Beyond Log4Shell and See the Entire Attack Path
March 01, 2022

We understand the facts: The most common open-source library (Java) has already been identified with 3 CVEs and counting, with over 3 million attacks…

Attack Path vs Attack Vector: Important Differences You Need To Know
Rinat Villeval | January 04, 2022

If you want to solve a problem, defining your terms is essential — and there are few more pressing problems than safeguarding critical assets…

Top 3 Benefits of Ransomware Readiness Assessment
Shay Siksik | December 27, 2021

After so many recent high-profile ransomware attacks, CISOs, SOC Managers and other cybersecurity leaders are certainly aware of the risks involved. Global costs from…

Time to go beyond Log4Shell and see the entire attack path
December 16, 2021

Today’s organizations are overwhelmed since the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228, CVE-2021-45046). If prioritizing your vulnerabilities was a daunting…

XMGoat – An Open Source Pentesting Tool for Azure
December 01, 2021

  Overview We created XMGoat as an open source tool with the purpose of teaching penetration testers, red teamers, security consultants, and cloud experts…

1 7 8 9 10 11 26

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.