Attack Path Management

To catch a criminal, you need to think like a criminal. This is not a new concept, and it’s one that has been employed… The post Seeing Through the Eyes of An Attacker: Validating Exposures from External Breach Points to Internal Critical Assets appeared first on XM Cyber.

Prevent Attacks that Put Your Business at Risk. As hybrid environments grow more complex, organizations are overwhelmed by a staggering volume of exposures. Traditional… The post Continuous Exposure Management Platform appeared first on XM Cyber.

It’s well known that security teams are often drowning in alerts. And considering that 74% of identified exposures are actually dead ends, i.e., they… The post Beyond the Patch – Why Frost & Sullivan Named Us Leader for the 2nd Time in a Row in ASV appeared first on XM Cyber.

Exposure validation is essential to filtering out noise and fixing what matters – and XM Cyber is helping organizations make that a reality. The post XM Cyber is the leader in Frost Radar™ 2026 Report for Automated Security Validation. appeared first on XM Cyber.

Overview On January 26, 2026, Microsoft issued emergency out-of-band security patches for a high-severity security feature bypass vulnerability in Microsoft Office, tracked as CVE-2026-21509…. The post Microsoft Office <br> Zero-Day Vulnerability, CVE-2026-21509, Under Active Exploitation appeared first on XM Cyber.

The cybersecurity industry has been driven by volume for years. More alerts, more scanners, and more “critical” vulnerabilities to patch. In 2025, this approach… The post The Practical Path to Fixing What Matters: XM Cyber’s 2025 Milestones and What They Mean for You appeared first on XM Cyber.

Connect the Dots. Eliminate Risk From External Exposures. Bridge the gap between your external attack surface and your internal environment. Move beyond simple discovery… The post XM Cyber External Attack Surface Management appeared first on XM Cyber.

A new way to escalate privileges inside Google’s Vertex AI highlights a broader problem: Enterprises have a level of trust in AI offerings that… The post Google Vertex AI security permissions could amplify insider threats appeared first on XM Cyber.

Back in the wild west, there was this guy, Willie Sutton. Willie’s chosen profession wasn’t the town dentist-barber or saloon owner. Nope, he was… The post Four Real-Life Financial Service Attacks Paths and How we Blocked Them appeared first on XM Cyber.

While analyzing Google’s Vertex AI, we discovered two distinct attack vectors, specifically in Ray on Vertex AI and the Vertex AI Agent Engine, where default configurations allow low-privileged users to pivot into higher-privileged Service Agent roles. The post Double Agent: Service Agent Privilege Escalation in Google Vertex AI appeared first on XM Cyber.