Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When Gartner introduced Continuous Threat Exposure Management (CTEM) in 2022, it formalized a problem security teams had been struggling with for years: patching large volumes of vulnerabilities was not translating into meaningful risk reduction. CTEM reframed the problem. Instead of measuring progress by the number of CVEs addressed, it shifted focus to whether attackers could actually reach and exploit assets that matter to the business. What Gartner did not provide was a concrete recipe for execution.

CVE-2026-24858 is an authentication bypass vulnerability affecting FortiCloud’s Single Sign-On (SSO) implementation. Under certain conditions, the flaw allows an unauthenticated attacker to bypass standard authentication checks and gain access to FortiCloud services without valid credentials. The root cause is tied to insufficient validation within the SSO authentication flow, where trust boundaries between identity assertions and session establishment are not enforced strictly enough.

CVE-2025-15467 is a stack-based buffer overflow vulnerability in the Cryptographic Message Syntax (CMS) implementation of OpenSSL, specifically within handling of AuthEnvelopedData structures. The flaw occurs during parsing of attacker-controlled CMS messages where length fields are not sufficiently validated before being copied into fixed-size stack buffers.

CVE-2026-24061 is an authentication bypass vulnerability affecting the Telnet service provided by GNU Inetutils. The issue allows an unauthenticated remote attacker to bypass expected authentication checks and gain access to the Telnet service under certain conditions.

Exposure management depends on the ability to consistently observe and attribute externally reachable systems. Domains are commonly treated as stable identifiers, resolving to IP addresses that can be associated with specific assets and monitored over time. In modern enterprise environments, this assumption increasingly fails. In many architectures, IP addresses function as routing mechanisms rather than stable identifiers, changing as traffic is distributed and infrastructure is rebalanced.

CVE-2025-14733 is a high-severity authentication bypass vulnerability affecting a widely deployed enterprise web application platform used to manage administrative and API access. The flaw allows attackers to bypass authentication controls under specific conditions by manipulating request parameters and session handling logic.

On December 3 2025, the React team released patched versions of the affected React Server Components packages. Framework vendors, including Next.js, provided updated builds on the same day. Any environment using React Server Components or frameworks that embed the RSC pipeline should.

CVE-2025-41115 is a critical privilege escalation and user-impersonation vulnerability in Grafana Enterprise. The issue occurs within the SCIM (System for Cross-domain Identity Management) provisioning feature. When SCIM is enabled, Grafana incorrectly maps the externalId field supplied by a SCIM client to an internal user.uid.

Security teams need clear signals, fast investigations and automation that fits into existing workflows. The latest CyCognito updates focus on streamlining asset operations, speeding up review of context and expanding what you can manage through the API. Recent enhancements include new asset management permissions, Asset List productivity improvements and additional API capabilities for realm freshness and issue lifecycle control.