macOS Weaknesses Chained to Silently Disable Endpoint Security Agents
A standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities.
News
New macOS security flaw could let hackers disable protection tools, researchers say
Security firm XM Cyber found a macOS technique that can let standard user accounts disable some enterprise security tools without administrator credentials.
News
Apple’s MacOS Gap Lets Users Disable Security Tools
Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.
News
Shutting Down Identity Attack Paths With Continuous Exposure Management
Excessive permissions are one of the most exploited weaknesses in enterprise security — and AI-powered attackers are making them dangerous…
News
What the industrialization of exploitation means for defenders
AI is letting hackers launch massive, automated attacks. Security teams need to stop collecting tools and start thinking like the…
News
Why XM Cyber Won the SC Award for Best Vulnerability Management Solution
XM Cyber should be the top vulnerability management contender because it replaces the “endless list” with Attack Graph Analysis™. While…
News
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do –…
News
Every M&A deal has a cyber delta: Close it before hackers do
In M&A, the real risk is the security gap you don’t see. Close it early, or attackers and regulators will…
News
What the industrialization of exploitation means for defenders
AI is letting hackers launch massive, automated attacks. Security teams need to stop collecting tools and start thinking like the…
News
Your CTEM program is probably ignoring MCP. Here’s how to fix it
Model Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most…
News
Why Attacker Perspective Wins in Exposure Management
XM Cyber’s platform maps how vulnerabilities, credentials, cloud misconfigurations and on-premises exposures interconnect – tracing the paths an attacker could…
News
Cloud required DevSecOps. AI requires DevSecEng
DevSecOps was fine for the cloud, but with AI agents now provisioning their own credentials, we need DevSecEng to keep…
News
See XM Cyber In Action
