Research

And The Cloud Goes Wild: Looking at Vulnerabilities in Cloud Assets

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
April 29, 2025

Cloud assets are increasingly vulnerable, now accounting for one-third of all easily exploitable security issues. Organizations using multi-cloud environments—especially outside the major providers—face significantly higher exposure to both critical and easily exploitable risks. To manage this growing threat, businesses need full visibility into their external attack surfaces and should adopt proactive, automated platforms like CyCognito to detect and remediate vulnerabilities quickly.



Research

Emerging Threat: SAP NetWeaver Visual Composer CVE-2025-31324

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
April 28, 2025

On April 24, 2025, SAP disclosed CVE-2025-31324, a critical vulnerability (CVSS 10.0) in the Metadata Uploader of SAP NetWeaver Visual Composer 7.50, which is actively exploited. SAP released a patch, with details limited to customers, alongside other mitigation options. CyCognito has deployed detection tests and provides customers with asset lists to assess and validate remediation efforts.



Products

Black Box Discovery and DAST: CyCognito’s Integration with Wiz

Jason-Pappalexis
By Jason Pappalexis
Sr. Technical Marketing Manager
April 24, 2025

Cloud-Native Application Protection Platforms (CNAPPs) offer robust internal visibility, but they often fall short in identifying externally exposed assets and real-world vulnerabilities. This blog explores how CyCognito fills these critical gaps by bringing blackbox asset discovery and dynamic application security testing (DAST) to CNAPP workflows, in partnership with Wiz. Through seedless discovery and over 80,000 active security tests, CyCognito helps uncover hidden risks that internal tools miss, enabling DevSecOps teams to prioritize issues based on actual exploitability. The integration provides seamless data flow between platforms, delivering enriched context and actionable insights that significantly enhance cloud security posture.



Research

Emerging Threat: Ivanti CVE-2025-22457

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
April 7, 2025

CVE-2025-22457 is a critical buffer overflow vulnerability (CVSS 9.0) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, enabling unauthenticated remote code execution via a crafted X-Forwarded-For header. It has been actively exploited by espionage group UNC5221 and is listed in CISA’s KEV catalog. Patches are available for most affected products, but legacy Pulse Connect Secure devices require migration, and customers are advised to monitor for signs of compromise.



Research

Emerging Threat: Next.js CVE-2025-29927

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
March 27, 2025

CVE-2025-29927 is a critical authorization vulnerability (CVSS 9.1) in self-hosted Next.js applications using middleware, allowing attackers to bypass security checks with a crafted x-middleware-subrequest header. It affects versions 11.1.5 to 15.2.2, with patches available in newer releases. While there are no active exploits reported as of March 27, 2025, CyCognito has issued guidance to help organizations assess and mitigate exposure.



Products

Dynamic IPs Are Breaking Security — Here’s How to Fix It

Shahar-Agmon
By Shahar Agmon
Product Manager at CyCognito
March 3, 2025

Managing cybersecurity with constantly changing IP addresses can feel like chasing a moving target. Dynamic IPs, such as from content delivery networks and load balancers, create security blind spots and reduce asset visibility. Without appropriate context and history, security teams waste time on noise while real threats go unnoticed. This blog explores the challenges of dynamic IPs and how CyCognito helps organizations cut through the clutter for clear, actionable security insights.



Research

Emerging Threat: PAN-OS CVE-2025-0108

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
February 18, 2025

On February 12, 2025, Palo Alto Networks announced CVE-2025-0108, a high severity (8.8) authentication bypass vulnerability affecting Palo Alto Networks PAN-OS management web interface. This issue has a public PoC and is being actively exploited. CyCognito published an emerging threat advisory on this vulnerability within the CyCognito platform.



Strategy

Security Risks in Internet-exposed SCADA in Manufacturing

Rob-Gurzeev
By Rob Gurzeev
CEO & Co-Founder
February 10, 2025

As manufacturing enterprises adopt digital transformation, integrating SCADA with cloud-based solutions introduces serious cybersecurity risks. This case study highlights how a Fortune 500 manufacturer inadvertently exposed SCADA systems to the internet, making them vulnerable to attacks. Traditional security tools failed to detect these exposures due to blind spots in asset inventory and reliance on predefined IP ranges. By leveraging external exposure management, the company identified and remediated these risks before exploitation. This incident underscores the need for continuous attack surface monitoring, risk-based prioritization, and automated asset discovery to secure operational technology (OT) environments against emerging threats.



Research

Emerging Threat: Fortinet CVE-2024-55591

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
January 16, 2025

On January 14, 2025, Fortinet disclosed a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy. CVE-2024-55591 allows unauthenticated remote attackers to target the Node.js WebSocket module of the administrative interface and potentially gain super-admin privileges. CyCognito is helping customers identify assets vulnerable to CVE-2024-55591.



Research

Emerging Threat: Ivanti Connect Secure CVE-2025-0282 and CVE-2025-0283

Emma-Zaballos
By Emma Zaballos
Product Marketing Manager
January 13, 2025

Ivanti disclosed two severe vulnerabilities affecting Ivanti Connect Secure VPN devices. While both vulnerabilities involve similar buffer overflow mechanisms, only one allows unauthenticated remote code execution (RCE) and has been exploited in the wild. CyCognito customers can check their assets to identify if any are potentially vulnerable to these issues using filters available in the CyCognito dashboard.




Topics



Search the Blog



Featured Posts








Top Tags



CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.