SolarWinds disclosed multiple critical vulnerabilities in its Web Help Desk platform that may allow unauthenticated attackers to bypass security controls or execute code remotely. Organizations running exposed instances should patch immediately and assess external exposure to reduce risk.
Read more about SolarWinds Web Help Desk Vulnerabilities Update
CyCognito Blog
Research
Search the Blog
Our new study looks under the hood of domain-to-IP volatility to understand how modern infrastructure behaves and why it matters for enterprise security operations. Read the research for a deeper look at the mechanics behind changing DNS resolution and what it means for tracking assets and exposure over time.
Read more about Domain-to-IP Volatility at Scale: A Study of 4 Million Enterprise DomainsAnalyzing 500,000 internet-exposed assets from Forbes Global 2000 enterprises, we uncovered just how uneven WAF coverage really is, and why that inconsistency creates hidden risk.
Read more about Over 50% of Enterprise External Assets Lack WAF Protection, Including PII PagesWe analyzed more than two million internet-exposed assets across cloud, on-prem, APIs, and web apps, discovered by our platform over the past 18 months. Using attacker-simulated testing, including black-box pentesting, dynamic application security testing (DAST), and active vulnerability scanning, we mapped how exploitable exposures cluster by industry and asset type. The results reveal systemic weaknesses in how organizations govern their digital perimeter, especially in environments shaped by rapid growth, third-party dependencies, and fragmented ownership.
Read more about What Over 2 Million Assets Reveal About Industry Vulnerability
Cloud assets are increasingly vulnerable, now accounting for one-third of all easily exploitable security issues. Organizations using multi-cloud environments—especially outside the major providers—face significantly higher exposure to both critical and easily exploitable risks. To manage this growing threat, businesses need full visibility into their external attack surfaces and should adopt proactive, automated platforms like CyCognito to detect and remediate vulnerabilities quickly.
Read more about And The Cloud Goes Wild: Looking at Vulnerabilities in Cloud AssetsCyCognito examined an anonymized set of ecommerce assets collected from November 2023 to October 2024. While there is evidence of better security practices, some basic vulnerabilities and misconfigurations persist. Retailers need to take the time to make sure their ecommerce sites are keeping valuable PII and financial information safe.
Read more about Gift or Grift? How Retailers Can Combat Cyber Threats This SeasonOn September 26, 2024, four critical RCE vulnerabilities were disclosed in components of the open-source printing system CUPS. CyCognito is investigating active detection methods for these vulnerabilities. Users can check if any assets are potentially vulnerable using provided filters in the CyCognito platform.
Read more about Emerging Security Issue: Multiple CUPS VulnerabilitiesOn October 9th, 2024, five vulnerabilities affecting Palo Alto Networks Expedition before version 1.2.96 were disclosed by Palo Alto Networks. These issues include OS command injection, SQL injection, cleartext storage of sensitive data, and reflected XSS vulnerabilities. Though active exploitation has not been reported, CyCognito has released an active test and in-app notification covering these issues due to risks posed by their severity and ease of exploitation.
Read more about Emerging Security Issue: Multiple Palo Alto Networks Expedition PAN-OS Firewalls VulnerabilitiesCyCognito just published our 2024 State of External Exposure Management Report. In this report, we looked at where serious issues hide on the average attack surface, how basic protections can help (or fail to) protect critical assets, and the ways that deprioritizing issues can help security teams spend their time on the right vulnerabilities.
Read more about Defensive Playbook: Understanding New Trends in External Risk with CyCognito’s State of External Exposure Management Report
A survey of cybersecurity professionals in the U.S. and U.K. reveals challenges in web application security testing. Key findings include extensive attack surfaces due to numerous in-house and third-party applications, frequent security incidents, concerns about the effectiveness of existing tools, and inadequate testing coverage. Additionally, over half of respondents struggle to remediate discovered vulnerabilities. These findings highlight the need for improved web application security testing strategies.
Read more about Web Application Security Testing: Struggles, Shortfalls and Solutions