Security teams need clear signals, fast investigations and enablement that fits into existing workflows. The latest CyCognito updates focus on improving posture visibility, expanding user learning in-app, and streamlining asset and issue review.
Recent enhancements include a new beta Homepage, CyCognito Academy, list view improvements and expanded notification controls.
New CyCognito Homepage (Beta)
A new platform Homepage is now available in beta for select customers. The Homepage provides a consolidated view of key security metrics and insights, helping teams quickly assess and communicate their external attack surface posture.
Customers with access can open the Homepage using the Home icon in the left-side navigation.
CyCognito Academy
CyCognito Academy is a new learning portal available directly from the CyCognito app navigation. It provides self-paced educational content to help users build a strong foundation in CyCognito, starting with Unit 1: Introduction to CyCognito.
Progress is saved automatically, allowing users to resume where they left off and revisit completed modules at any time.
Show Removal Date in Removed Issue Details
When viewing the Issue Details page for a removed issue, the removal date is now displayed at the top of the page, providing clearer historical context when reviewing resolved findings.
Platforms and Organizations Table Revamp
The Platforms and Organizations lists have been updated with an improved table experience. Sorting and table customization are now available, and we plan to introduce future improvements to other table views across out platform in the near future.
Other Brief Updates
- Assets and issues discovered within the last seven days are now highlighted in the Asset List and Issue List, with each entry showing how many days ago it was added.
- This makes it easier to identify recent changes and focus investigations on newly exposed risk.
- You can now control which email communications you receive from CyCognito using new toggle switches in User Settings, including notifications for Emerging Threats, new and upcoming features, and Release Notes.
- The Cloudflare and Wiz cloud connectors are no longer marked as beta. The “Beta” label has been removed from the Admin UI.
- Links included in data update emails have been updated to point to new URLs.
Recent Emerging Threat Research
Recent months saw a high number of critical vulnerabilities across widely used platforms and services. Below is a list of some of the highest-priority threats identified during this period:
- OpenSSL CMS AuthEnvelopedData stack overflow (CVE-2025-15467)
- HPE OneView unauthenticated remote code execution (CVE-2025-37164)
- n8n workflow automation vulnerabilities (CVE-2026-21858, CVE-2025-68613, CVE-2026-21877)
- GNU Inetutils Telnet authentication bypass (CVE-2026-24061)
- WatchGuard Fireware OS unauthenticated IKEv2 VPN remote code execution (CVE-2025-14733)
- React Server Components remote code execution (CVE-2025-55182, CVE-2025-66478)
- Grafana SCIM provisioning privilege escalation (CVE-2025-41115)
