XM Cyber Attack Path Management
- OAuth client ID spoofing silently validates stolen Microsoft Entra ID credentialsby keren.farin@xmcyber.com on July 16, 2026 at 9:42 am
At least two threat actors have weaponized a novel evasion technique calledĀ OAuth client ID spoofingĀ in multiple cloud campaigns. The post OAuth client ID spoofing silently validates stolen Microsoft Entra ID credentials appeared first on XM Cyber.
- Closing the Gap Between Exposure Discovery & Remediationby keren.farin@xmcyber.com on July 16, 2026 at 9:12 am
Drive efficient and effective exposure remediation with the evidence required to overcome the burden of proof The post Closing the Gap Between Exposure Discovery & Remediation appeared first on XM Cyber.
- Capitalize on Mythos Hype to Fix Your Exposure and Vulnerability Managementby keren.farin@xmcyber.com on July 7, 2026 at 7:49 am
The cybersecurity market is reactively panicking about automated vulnerability identification and autonomous AI exploit builders. With the emergence of automated toolsets like Anthropicās Claude… The post Capitalize on Mythos Hype to Fix Your Exposure and Vulnerability Management appeared first on XM Cyber.
- Are You Leveraging Boardroom AI Hype to Get Buy-In for Exposure Management?by keren.farin@xmcyber.com on July 6, 2026 at 8:35 am
Traditional security models cannot keep pace with AI-speed threat activity. However, the surge in boardroom focus on AI cyber risks- like Claude Mythos Preview… The post Are You Leveraging Boardroom AI Hype to Get Buy-In for Exposure Management? appeared first on XM Cyber.
- The 2026 Verizon DBIR Stopped Asking How Attackers Get in and Started Asking Where They Goby keren.farin@xmcyber.com on July 2, 2026 at 12:12 pm
For 19 years, every edition of the Verizon DBIR told the same story about initial access ā credential theft was the number one entry… The post The 2026 Verizon DBIR Stopped Asking How Attackers Get in and Started Asking Where They Go appeared first on XM Cyber.
- Did AI kill vulnerability managementāor just expose its flaws?by keren.farin@xmcyber.com on June 29, 2026 at 12:12 pm
The system was already under strain beforeĀ Mythos arrived on the scene. But regardless of whether Claude Mythos lives up to the hype, our customers… The post Did AI kill vulnerability managementāor just expose its flaws? appeared first on XM Cyber.
- macOS Weaknesses Chained to Silently Disable Endpoint Security Agentsby keren.farin@xmcyber.com on June 28, 2026 at 2:47 pm
A standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities. The post macOS Weaknesses Chained to Silently Disable Endpoint Security Agents appeared first on XM Cyber.
- New macOS security flaw could let hackers disable protection tools, researchers sayby keren.farin@xmcyber.com on June 28, 2026 at 2:46 pm
Security firm XM Cyber found aĀ macOSĀ technique that can let standard user accounts disable some enterprise security tools without administrator credentials. The post New macOS security flaw could let hackers disable protection tools, researchers say appeared first on XM Cyber.
- Appleās MacOS Gap Lets Users Disable Security Toolsby keren.farin@xmcyber.com on June 28, 2026 at 2:45 pm
Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits. The post Appleās MacOS Gap Lets Users Disable Security Tools appeared first on XM Cyber.
- Stop Legacy Infrastructure From Hijacking Your AI Agentsby keren.farin@xmcyber.com on June 23, 2026 at 7:49 am
On-Demand Technical Session | Originally Presented at the US Gartner Security & Risk Management Summit, 2026 The post Stop Legacy Infrastructure From Hijacking Your AI Agents appeared first on XM Cyber.







