|
By Igal Zeifman
CVE-2026-3854 is a command injection vulnerability in GitHub Enterprise Server. It lives in the git push pipeline. User-supplied push option values were not properly sanitized before being embedded in an internal service header. The header format used a delimiter that could also appear in user input. A crafted push option containing that delimiter let an attacker inject additional metadata fields. Downstream services treated those fields as trusted internal values.
|
By Igal Zeifman
CVE-2026-40372 is an elevation of privilege vulnerability in ASP.NET Core caused by improper verification of cryptographic signatures in the Data Protection library. The flaw sits in the HMAC validation routine of the managed authenticated encryptor, where a defective comparison lets an attacker submit a forged payload that the application accepts as legitimately signed. The vulnerability carries a CVSS v3.1 base score of 8.1 (Important), as assigned by Microsoft in the official advisory.
|
By Igal Zeifman
CVE-2026-29145 is an authentication bypass flaw in Apache Tomcat and Apache Tomcat Native affecting the CLIENT_CERT authentication path. When OCSP soft-fail is disabled, certain code paths fail to treat an OCSP check failure as a hard authentication failure, allowing a connecting client to reach protected resources without presenting a valid, revocation-checked certificate.
|
By Igal Zeifman
CVE-2026-23869 is a denial of service vulnerability in React Server Components, caused by improper handling of cyclic data structures during deserialization of incoming HTTP requests. The vulnerability resides in the React Flight protocol's server-side reply handling, specifically in the createMap, createSet, and extractIterator functions within ReactFlightReplyServer.js. The vulnerability carries a CVSS v3.1 base score of 7.5 (High). Exploitation requires no authentication and no user interaction.
|
By Igal Zeifman
A few weeks ago the world was exposed to Mythos, Anthropic's new frontier model and the Project Glasswing announcement that came with it. The reaction across the industry was immediate. Cybersecurity stocks fell sharply. The Treasury Secretary convened an emergency meeting with major bank CEOs. 250 CISOs produced a response playbook over a single weekend. That is not a typical announcement or a PR "leak". That is a reckoning. Then, about a week later, I came across MOAK.
|
By Igal Zeifman
CVE-2026-27876 is an arbitrary file write vulnerability in Grafana's sqlExpressions feature that can be chained with a Grafana Enterprise plugin to achieve remote code execution (RCE) on the underlying host. The flaw exists because Grafana's SQL expressions feature permits writing arbitrary files to the server filesystem. An attacker can exploit this to overwrite a Sqlyze driver or write an AWS data source configuration file, ultimately obtaining an SSH connection to the Grafana host.
|
By Igal Zeifman
CVE-2026-20093 is an authentication bypass vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC), caused by improper input validation (CWE-20) in how the IMC XML API processes password modification requests. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical). Exploitation is fully pre-authentication and requires no privileges and no user interaction.
|
By Igal Zeifman
On March 31, 2026, two malicious versions of axios were published to npm, , using credentials stolen from a lead axios maintainer. The attacker injected a hidden dependency into both releases that drops a remote access trojan (RAT) on any machine that ran npm install during the exposure window. No CVE identifier has been assigned at the time of writing. The malicious dependency executes automatically at install time via a postinstall hook, without any action by the developer.
|
By Igal Zeifman
CVE-2025-53521 is an unauthenticated remote code execution vulnerability in F5's BIG-IP Access Policy Manager (APM). The flaw exists in the apmd process, the daemon responsible for processing live access policy traffic, and is triggered when a BIG-IP APM access policy is configured on a virtual server and the system receives specific malicious traffic. No credentials are required to exploit it. The vulnerability carries a CVSS score of 9.8 and a CVSS score of 9.3.
|
By Igal Zeifman
On March 23, 2026, Cloud Software Group (Citrix) published a security bulletin disclosing two vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Both affect customer-managed on-premises deployments; Citrix-managed cloud services and Adaptive Authentication instances have been updated automatically. CVE-2026-3055 is an out-of-bounds read resulting from insufficient input validation in NetScaler ADC and NetScaler Gateway.
|
By CyCognito
Join CyCognito’s CEO Rob N. Gurzeev and Commvault’s Ben Herzberg to uncover what enforcing data security at scale actually requires and how to close the gap between policy and ground truth.
|
By CyCognito
-Recent breaches show AI risk is already present in many environments, often entering through suppliers, data flows, and integrations. But awareness alone is not enough. CISOs and security leaders must actively manage the expanded attack surface AI creates. In this session, experts from CyCognito and Panorays help you understand how to identify AI relationships, assess the risks they pose, and remediate vulnerabilities before they lead to an incident. You’ll learn.
|
By CyCognito
See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks.
|
By CyCognito
"CyCognito is worth every cent we pay and it helps me sleep better because I know we’re checking our internet-facing assets on a regular basis.” —Benjamin Bachmann | Vice President, Group CISO | Ströer.
|
By CyCognito
“CyCognito provides our company with cutting-edge technology enabling my team to have global visibility into our web-facing assets in an easy-to-use interface.” — Alex Schuchman | Chief Information Security Officer | Colgate-Palmolive Company.
|
By CyCognito
“I can’t point to another tool that does as thorough a job of exploring and exposing those assets that you didn’t even know you had. It’s so valuable." — Kevin Kealy | Chief Information Security Officer | Scientific Games.
|
By CyCognito
Learn how the CyCognito platform identifies attack vectors that might go undetected by other security solutions.
|
By CyCognito
Hear first hand from Chief Technical Officer, Randy Watkins, as he explains why attack surface mapping is critical to an organization’s security posture and managing their IT assets. Learn how prioritizing security risk helps to cut through a sea of security issues and gives focus to security teams on what is critical.
|
By CyCognito
CTEM, a comprehensive risk reduction framework, integrates visibility risk assessment, issue prioritization, and validation. This approach facilitates the continuous identification and testing of exposed systems, enhancing decision-making and enabling a more proactive threat response. Download the white paper, Understanding Continuous Threat Exposure Management, to learn about CTEM's core components and how they contribute to cybersecurity resilience, how CTEM addresses the challenge of managing risk on attack surfaces, and how CyCognito's capabilities align with CTEM's requirements.
|
By CyCognito
Your attack surface has grown, it's now in cloud infrastructure and across subsidiaries and unknown, unmanaged assets are everywhere. How are you finding these? Attackers look for, find and attack these unknown assets and when there are externally exposed risks, sensitive data and critical systems are put in danger. Read now, External Exposure & Attack Surface Management For Dummies.
|
By CyCognito
With the ever-growing volume of cybersecurity alerts and attacks bombarding security teams, more CISOs are taking a hard look at External Attack Surface Management (EASM) platforms to better understand how adversaries get into systems and how to keep them out. It's not surprising that EASM products have captured the industry's attention, as many organizations are seeing growth of their attack surfaces' growth outpace their detection and remediation abilities. Some of the driving causes: digital transformation, the cloud, third-party dependencies, subsidiary sprawl, and more.
|
By CyCognito
Your pen testing team is working hard, but they are facing an operational challenge due to the large number of assets they need to test and the time required to complete each test. As the fundamental approach to penetration testing has not changed much since the first test over 50 years ago, it's worth exploring whether the tool is still sufficient for securing today's IT environment.
- April 2026 (8)
- March 2026 (7)
- February 2026 (9)
- January 2026 (4)
- December 2025 (2)
- November 2025 (5)
- September 2025 (1)
- August 2025 (1)
- July 2025 (2)
- June 2025 (1)
- May 2025 (4)
- April 2025 (5)
- March 2025 (3)
- February 2025 (3)
- January 2025 (3)
- December 2024 (3)
- November 2024 (5)
- October 2024 (9)
- September 2024 (7)
- August 2024 (1)
- July 2024 (4)
- June 2024 (3)
- May 2024 (8)
- April 2024 (3)
- March 2024 (3)
- February 2024 (2)
- December 2023 (1)
- October 2023 (3)
- September 2023 (5)
CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure.
Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. Based in Palo Alto, CyCognito serves a number of large enterprises and Fortune 500 organizations, including Colgate-Palmolive, Tesco and many others.
Automated external attack surface management and continuous testing reduces your overall risk:
- Discovery: Proactively uncover exposed external assets — without input or configuration — using attacker reconnaissance approaches.
- Contextualization: Empower your team to know what an asset does, where it’s located, what other assets it connects to, and how attractive it is from that attacker perspective.
- Active Security Testing: Launch security testing across your full inventory of external assets, enabling a new level of visibility into risk and the steps needed to reduce it.
- Prioritization: Automate risk prioritization for external assets to focus your security team’s attention and energy on the 10 to 50 most critical exploited assets that matter the most.
- Remediation Acceleration: Quickly repair exploitable assets and reduce validation time from months to hours to swiftly prevent data breaches.
Discover, test and prioritize all of your web assets and applications.