Resources

Microsoft Office Zero-Day Vulnerability, CVE-2026-21509, Under Active Exploitation
Peled Eldan & Erez Hasson | January 27, 2026

Overview: On January 26, 2026, Microsoft issued emergency out-of-band security patches for a high-severity security feature bypass vulnerability in Microsoft Office, tracked as CVE-2026-21509….

The Practical Path to Fixing What Matters: XM Cyber’s 2025 Milestones and What They Mean for You
Batya Steinherz | January 26, 2026

The cybersecurity industry has been driven by volume for years. More alerts, more scanners, and more “critical” vulnerabilities to patch. In 2025, this approach…

Double Agent: Service Agent Privilege Escalation in Google Vertex AI
Eli Shparaga, Erez Hasson | January 15, 2026

While analyzing Google’s Vertex AI, we discovered two distinct attack vectors, specifically in Ray on Vertex AI and the Vertex AI Agent Engine, where default configurations allow low-privileged users to pivot into higher-privileged Service Agent roles.

2026, The Year Validation Wins Over Speculation
Ryan Blanchard | January 08, 2026

Overview: As I look back at 2025, one thing that’s clear is that folks are starting to come around to the idea that continuous…

MongoBleed (CVE-2025-14847) Information Leak Vulnerability Exploited in the Wild
Peled Eldan & Erez Hasson | December 31, 2025

Overview: A critical high-severity vulnerability, tracked as CVE-2025-14847 and nicknamed MongoBleed, has been disclosed in MongoDB Server and is already being actively exploited in…

How XM Cyber Helps Leading German Manufacturer Jeremias Strengthen Security and Focus Remediation

Jeremias Abgastechnik GmbH, a leading German manufacturer of flue, exhaust, and chimney systems, operates internationally with production facilities and sales subsidiaries across Europe and…

How XM Cyber Helps A Large Italian Financial Institution Prioritize Risk and Improve Security Posture

The security team at a large Italian financial services firm was overloaded with vulnerability data. Their traditional scanners flagged issue after issue, but didn’t…

XM Cyber Expands Attack Surface Coverage with Zero-Friction Discovery
Erez Hasson | December 24, 2025

An age-old cybersecurity cliché is that “you can’t protect what you can’t see.” But in today’s landscape, what you can’t see isn’t just unprotected,…

XM Cyber Helps Save the Children Strengthen Security and Prioritize What Matters

Save the Children operates critical programs across more than twenty countries, managing sensitive donor and beneficiary data globally. This diverse structure, where each location…

Why Continuous Exposure Management is the One Gift Your Team Needs This Holiday Season
Alex Gardner | December 23, 2025

The Holiday season is one of the most important periods of the year for e-commerce and retail organizations. Adobe estimates that “$253.4 billion will…

XM Cyber Helps Vinci Construction Fortify Global Security Posture and Dramatically Reduce Risk

Vinci Construction manages high-stakes infrastructure projects worldwide, including work on the Paris Metro, major highways, and airports. Operating in over 68 countries, any interruption…

XM Cyber Helps Leading Financial Services Provider Gain Real-Time Exposure Visibility

A leading financial market infrastructure provider, responsible for completing trades, safeguarding assets, and other essential financial services across global capital markets, needed a clearer…
