Your source for exposure management research, product news, and security insights.
CVE-2025-41115 is a critical privilege escalation and user impersonation vulnerability in Grafana Enterprise. An attacker who exploits it can impersonate an administrator, modify dashboards and alerts, access connected databases and observability data, and pivot into other integrated systems.
Read more about Emerging Threat: CVE-2025-41115 – Critical SCIM Privilege Escalation in Grafana EnterpriseRecent enhancements include new asset management permissions, Asset List productivity improvements and additional API capabilities for realm freshness and issue lifecycle control.
Read more about What’s New in CyCognito: October 2025 Platform EnhancementsCVE-2025-64459 is a critical SQL injection flaw in Django’s ORM exposing internet-facing apps to unauthenticated data compromise. Learn which assets are at risk, what patches are available, and how CyCognito helps find and prioritize vulnerable systems across your attack surface.
Read more about Emerging Threat: Django SQL Injection Vulnerability (CVE-2025-64459)CVE-2025-64095 is a critical file-upload vulnerability in DNN that allows unauthenticated attackers to overwrite site content and inject malicious code. Learn what’s affected, how to mitigate the risk, and how CyCognito helps identify vulnerable external assets.
Read more about Emerging Threat: CVE-2025-64095 – Critical Unauthenticated File Upload Vulnerability in DNN (DotNetNuke)CVE-2025-55752 is a path traversal vulnerability in Apache Tomcat that can bypass security controls and, in configurations allowing HTTP PUT, enable malicious file uploads leading to potential remote code execution. Proof-of-concept code is available, and cybersecurity authorities warn exploitation attempts are likely.
Read more about Emerging Threat: Apache Tomcat Vulnerability CVE-2025-55752Analyzing 500,000 internet-exposed assets from Forbes Global 2000 enterprises, we uncovered just how uneven WAF coverage really is, and why that inconsistency creates hidden risk.
Read more about Over 50% of Enterprise External Assets Lack WAF Protection, Including PII PagesIn the past few weeks we delivered improvements across automation (including Action Rules), APIs improvements, new investigation and management options, and reporting controls for PDFs. Below is a detailed look at what is new.
Read more about What’s New in CyCognito: August 2025 Platform EnhancementsThis month’s CyCognito updates give security teams more precision, clarity, and control in exposure management. With the general availability of Teams for advanced role-based access control and enhanced service evidence for greater detection transparency, users gain deeper insights into their environments. Smarter search, streamlined navigation via the new Quick Start feature, and unified asset management improvements all support faster, more confident decision-making.
Read more about What’s New in CyCognito: July 2025 Platform EnhancementsWe analyzed more than two million internet-exposed assets across cloud, on-prem, APIs, and web apps, discovered by our platform over the past 18 months. Using attacker-simulated testing, including black-box pentesting, dynamic application security testing (DAST), and active vulnerability scanning, we mapped how exploitable exposures cluster by industry and asset type. The results reveal systemic weaknesses in how organizations govern their digital perimeter, especially in environments shaped by rapid growth, third-party dependencies, and fragmented ownership.
Read more about What Over 2 Million Assets Reveal About Industry VulnerabilityIn today’s cybersecurity environment, visibility and action are everything. CyCognito’s May updates help security teams move faster, simplify operations, and close critical gaps in protection. From streamlined Azure cloud connector setup to a new WAF protection dashboard, historical DNS tracking, smarter domain discovery, and AI-powered issue verification, these enhancements are built to support proactive exposure management. Discover how these new capabilities can help your team secure what matters most without added complexity.
Read more about What’s New in CyCognito: June 2025 Platform Enhancements
