Your source for exposure management research, product news, and security insights.
CVE-2026-1731 affects BeyondTrust privileged access deployments, introducing potential risk to internet-facing administrative interfaces. External exposure data shows cross-industry impact, particularly in technology, hospitality, healthcare, and energy sectors, where exposed access management systems may expand attackers’ paths to high-value enterprise infrastructure.
Read more about What is CVE-2026-1731?Continuous Threat Exposure Management (CTEM) shifts security metrics from measuring activity to prioritizing impact. This refocuses reporting on urgent, validated issues and continuous testing coverage. By tracking remediation hours and material exposure reduction, organizations can effectively manage risk without creating unnecessary noise or alert fatigue.
Read more about Moving From Activity to Impact: How CTEM Refocuses Security KPIsThe latest CyCognito updates focus on improving posture visibility, expanding user learning in-app, and streamlining asset and issue review.
Read more about What’s New in CyCognito: February 2026 Platform EnhancementsCTEM reframed security around what attackers can actually reach and exploit. But Gartner didn’t provide an execution playbook. This blog breaks down what each stage demands in practice – and the anti-patterns that derail most programs.
Read more about Removing the Guesswork from CTEMSolarWinds disclosed multiple critical vulnerabilities in its Web Help Desk platform that may allow unauthenticated attackers to bypass security controls or execute code remotely. Organizations running exposed instances should patch immediately and assess external exposure to reduce risk.
Read more about SolarWinds Web Help Desk Vulnerabilities UpdateCVE-2026-24858 is an authentication bypass vulnerability in FortiCloud SSO that can expose internet-facing management interfaces to unauthorized access. This Emerging Threat highlights the risk posed by externally exposed control planes and the importance of continuous external asset visibility.
Read more about Emerging Threat: CVE-2026-24858 – FortiCloud SSO Authentication BypassCVE-2025-15467 is a stack-based buffer overflow in OpenSSL CMS AuthEnvelopedData parsing. A crafted CMS message can corrupt memory before authentication, risking crashes or code execution in exposed services that process untrusted encrypted or signed content from external attackers over networks.
Read more about Emerging Threat: CVE-2025-15467 – OpenSSL CMS AuthEnvelopedData Stack-Based Buffer OverflowCVE-2026-24061 is a newly assigned vulnerability that may allow remote code execution in externally exposed services due to improper input validation. Limited public details and lack of patches increase uncertainty, making comprehensive external asset visibility critical for effective risk assessment.
Read more about Emerging Threat: CVE-2026-24061 – Telnet Authentication Bypass in GNU InetutilsOur new study looks under the hood of domain-to-IP volatility to understand how modern infrastructure behaves and why it matters for enterprise security operations. Read the research for a deeper look at the mechanics behind changing DNS resolution and what it means for tracking assets and exposure over time.
Read more about Domain-to-IP Volatility at Scale: A Study of 4 Million Enterprise DomainsCyCognito adds the ability to discover externally reachable MCP servers and pull them into your asset inventory and security workflows. Check out this post to learn where MCP security breaks, and how it connects to external exposure management.
Read more about Introducing Discovery of Externally Reachable MCP Services
