Blog

Capitalize on Mythos Hype to Fix Your Exposure and Vulnerability Management

The cybersecurity market is reactively panicking about automated vulnerability identification and autonomous AI exploit builders. With the emergence of automated…
Blog

The 2026 Verizon DBIR Stopped Asking How Attackers Get in and Started Asking Where They Go

For 19 years, every edition of the Verizon DBIR told the same story about initial access – credential theft was…
Blog

Trust No One: Automating macOS Privilege Escalation at Scale

XM Cyber Researcher Hillel Pinto uncovered CVE-2025-34352, a critical vulnerability in the JumpCloud Remote Assist for Windows agent (versions prior…
Blog

The VM Category Shift: XM Cyber Wins SC Awards Europe 2026 Best Vulnerability Management Solution

The vulnerability management category has shifted. For three consecutive years, Qualys won SC Awards Europe Best Vulnerability Management Solution. This…
Blog

Identity Is the Highway. Here’s How Attackers Use It.

In the modern enterprise, the perimeter hasn’t just shifted, it has dissolved. As organizations accelerate their digital transformation, traditional boundaries…
Blog

Initial Reactions and Key Takeaways from the 2026 Gartner Security and Risk Summit

Last week, the XM Cyber team had the pleasure of attending the annual Gartner Security and Risk Summit at the…
Blog

The Identity Conundrum: Enforcing Least Privilege Access At Scale

Overview In the modern cybersecurity landscape identity isn’t a perimeter, it’s a highway. As organizations scale, that highway gets longer,…
Blog

Your CVE Count Is a Meaningless Metric

Overview I’ve sat in a lot of vulnerability reviews where the team felt good about the numbers. Closed tickets for…
Blog

NGINX Rift Chain (CVE-2026-42945): Remote Code Execution (RCE) Discovered Leveraging 18-Year-Old Vulnerabilities

Overview On May 13, 2026, researchers disclosed “NGINX Rift,” a critical vulnerability chain discovered by DepthFirst AI. The chain consists…
Blog

Contextualizing SOC Alerts with Exposure Intelligence

Overview Security Operations Centers (SOCs) are on the front lines of a lopsided battle. They are navigating an overwhelming volume…
Blog

From Hunting Context to Hunting Threats: Using Exposure Intelligence to Accelerate SOC Investigations

Overview In many organizations, SOC teams spend more time digging for context than actually hunting for or responding to threats.…
Blog

Linux Kernel “Dirty Frag” Local Privilege Escalation (LPE), CVE-2026-43284 & CVE-2026-43500

Overview On May 8, 2026, cybersecurity researchers disclosed a critical vulnerability chain in the Linux kernel, nicknamed “Dirty Frag.” Tracked…
Blog
1 2 3 31

See XM Cyber In Action