Cloud-Native Application Protection Platforms (CNAPPs) offer robust internal visibility, but they often fall short in identifying externally exposed assets and real-world vulnerabilities. This blog explores how CyCognito fills these critical gaps by bringing blackbox asset discovery and dynamic application security testing (DAST) to CNAPP workflows, in partnership with Wiz. Through seedless discovery and over 80,000 active security tests, CyCognito helps uncover hidden risks that internal tools miss, enabling DevSecOps teams to prioritize issues based on actual exploitability. The integration provides seamless data flow between platforms, delivering enriched context and actionable insights that significantly enhance cloud security posture.
Read more about Black Box Discovery and DAST: CyCognito’s Integration with WizCyCognito Blog
Your source for exposure management research, product news, and security insights.
Search the Blog
CVE-2025-22457 is a critical buffer overflow vulnerability (CVSS 9.0) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways, enabling unauthenticated remote code execution via a crafted X-Forwarded-For header. It has been actively exploited by espionage group UNC5221 and is listed in CISA’s KEV catalog. Patches are available for most affected products, but legacy Pulse Connect Secure devices require migration, and customers are advised to monitor for signs of compromise.
Read more about Emerging Threat: Ivanti CVE-2025-22457CVE-2025-29927 is a critical authorization vulnerability (CVSS 9.1) in self-hosted Next.js applications using middleware, allowing attackers to bypass security checks with a crafted x-middleware-subrequest header. It affects versions 11.1.5 to 15.2.2, with patches available in newer releases. While there are no active exploits reported as of March 27, 2025, CyCognito has issued guidance to help organizations assess and mitigate exposure.
Read more about Emerging Threat: Next.js CVE-2025-29927
Managing cybersecurity with constantly changing IP addresses can feel like chasing a moving target. Dynamic IPs, such as from content delivery networks and load balancers, create security blind spots and reduce asset visibility. Without appropriate context and history, security teams waste time on noise while real threats go unnoticed. This blog explores the challenges of dynamic IPs and how CyCognito helps organizations cut through the clutter for clear, actionable security insights.
Read more about Dynamic IPs Are Breaking Security — Here’s How to Fix ItOn February 12, 2025, Palo Alto Networks announced CVE-2025-0108, a high severity (8.8) authentication bypass vulnerability affecting Palo Alto Networks PAN-OS management web interface. This issue has a public PoC and is being actively exploited. CyCognito published an emerging threat advisory on this vulnerability within the CyCognito platform.
Read more about Emerging Threat: PAN-OS CVE-2025-0108
As manufacturing enterprises adopt digital transformation, integrating SCADA with cloud-based solutions introduces serious cybersecurity risks. This case study highlights how a Fortune 500 manufacturer inadvertently exposed SCADA systems to the internet, making them vulnerable to attacks. Traditional security tools failed to detect these exposures due to blind spots in asset inventory and reliance on predefined IP ranges. By leveraging external exposure management, the company identified and remediated these risks before exploitation. This incident underscores the need for continuous attack surface monitoring, risk-based prioritization, and automated asset discovery to secure operational technology (OT) environments against emerging threats.
Read more about Security Risks in Internet-exposed SCADA in ManufacturingOn January 14, 2025, Fortinet disclosed a new critical (CVSS 9.8) authentication bypass vulnerability affecting FortiOS and FortiProxy. CVE-2024-55591 allows unauthenticated remote attackers to target the Node.js WebSocket module of the administrative interface and potentially gain super-admin privileges. CyCognito is helping customers identify assets vulnerable to CVE-2024-55591.
Read more about Emerging Threat: Fortinet CVE-2024-55591Ivanti disclosed two severe vulnerabilities affecting Ivanti Connect Secure VPN devices. While both vulnerabilities involve similar buffer overflow mechanisms, only one allows unauthenticated remote code execution (RCE) and has been exploited in the wild. CyCognito customers can check their assets to identify if any are potentially vulnerable to these issues using filters available in the CyCognito dashboard.
Read more about Emerging Threat: Ivanti Connect Secure CVE-2025-0282 and CVE-2025-0283CVE-2024-49113 is a high severity unauthenticated Denial of Service (DoS) vulnerability in Windows Lightweight Directory Access Protocol (LDAP). This vulnerability allows attackers to crash any unpatched Windows server with an internet-accessible DNS server by overwhelming a critical internal component of the operating system. Patching is recommended and vulnerable devices should be monitored for potential exploitation attempts.
Read more about Emerging Threat: Windows LDAP CVE-2024-49113CVE-2024-3393 is a high severity Denial of Service (DoS) vulnerability affecting specific versions of Palo Alto Networks PAN-OS DNS Security feature. CyCognito has shared lists of potentially affected assets running PAN-OS with affected customers alongside a notification in-platform.
Read more about Emerging Threat: Palo Alto PAN-OS CVE-2024-3393