The XM Cyber 2022 Attack Path Management Impact Report
The industry’s first annual attack path management research report is here! The XM Cyber research team analyzed nearly 2 million entities to bring insights…
5 Ways to Make Attack Path Management More Manageable
Effective cybersecurity can be distilled to a single idea: Protect your most business critical assets. Protecting your most critical assets, in turn, can be…
XM Cyber Advisory – Spring4Shell, Zero Day
Overview On March 30, A new zero day critical vulnerability was leaked in another open source software library. The vulnerability affects Spring Framework which…
New Privilege Escalation Techniques are Compromising your Google Cloud Platform
In this research you’ll discover some of the common attack techniques used in Google Cloud Platform (GCP) to better understand how an attacker exploits…
See All Ways: How to Overcome the Big Disconnect in Cybersecurity
Today’s reality in cybersecurity is that, with the right combination of tools, you may be able to see all kinds of misconfigurations … and…
10 ways to gain control over Azure function app sites
Pen-testers! Red-teamers! We’ve prepared a bucket of new Azure techniques, specifically about Azure function app sites. In this blog, we’ll show you new…
Choosing Attack Path Management Over Security Control Validation When Shopping for Breach & Attack Simulation
Breach and Attack Simulation is gaining lots of hype today. Yet simulating attacks can mean many different things and serve many different use cases….
Go Beyond Log4Shell and See the Entire Attack Path
We understand the facts: The most common open-source library (Java) has already been identified with 3 CVEs and counting, with over 3 million attacks…
Attack Path vs Attack Vector: Important Differences You Need To Know
If you want to solve a problem, defining your terms is essential — and there are few more pressing problems than safeguarding critical assets…
Top 3 Benefits of Ransomware Readiness Assessment
After so many recent high-profile ransomware attacks, CISOs, SOC Managers and other cybersecurity leaders are certainly aware of the risks involved. Global costs from…
Time to go beyond Log4Shell and see the entire attack path
Today’s organizations are overwhelmed since the world first learned about the Log4Shell vulnerability (aka Log4J CVE-2021-44228, CVE-2021-45046). If prioritizing your vulnerabilities was a daunting…
XMGoat – An Open Source Pentesting Tool for Azure
Overview We created XMGoat as an open source tool with the purpose of teaching penetration testers, red teamers, security consultants, and cloud experts…
Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.