Your source for exposure management research, product news, and security insights.
CVE-2026-24061 is a newly assigned vulnerability that may allow remote code execution in externally exposed services due to improper input validation. Limited public details and lack of patches increase uncertainty, making comprehensive external asset visibility critical for effective risk assessment.
Read more about Emerging Threat: CVE-2026-24061 – Telnet Authentication Bypass in GNU InetutilsOur new study looks under the hood of domain-to-IP volatility to understand how modern infrastructure behaves and why it matters for enterprise security operations. Read the research for a deeper look at the mechanics behind changing DNS resolution and what it means for tracking assets and exposure over time.
Read more about Domain-to-IP Volatility at Scale: A Study of 4 Million Enterprise DomainsCyCognito adds the ability to discover externally reachable MCP servers and pull them into your asset inventory and security workflows. Check out this post to learn where MCP security breaks, and how it connects to external exposure management.
Read more about Introducing Discovery of Externally Reachable MCP ServicesCVE-2026-21858, CVE-2025-68613, and CVE-2026-21877 expose critical remote code execution risks in n8n workflow automation. This blog outlines affected assets, available fixes, exploitation status, and recommended actions, and explains how CyCognito helps organizations identify exposed instances and reduce external risk effectively.
Read more about Emerging Threat: CVE-2026-21858, CVE-2025-68613 & CVE-2026-21877 – n8n Workflow Automation VulnerabilitiesCVE-2025-37164 is a critical unauthenticated remote code execution vulnerability in HPE OneView. Because OneView serves as a privileged infrastructure management platform, successful exploitation can grant attackers broad control over managed systems, increasing the risk of lateral movement and downstream compromise.
Read more about Emerging Threat: CVE-2025-37164 – Critical Unauthenticated Remote Code Execution in HPE OneViewCVE-2025-14733 is a high-severity authentication bypass vulnerability that can allow unauthenticated access to protected web applications and APIs. This blog explains affected assets, potential risk, available fixes, recommended actions, and how CyCognito helps organizations identify and reduce exposure.
Read more about Emerging Threat: CVE-2025-14733 – Authentication Bypass VulnerabilityCVE-2025-55182 is a critical RCE vulnerability in React Server Components affecting React 19 and Next.js applications. This blog explains what’s impacted, how attackers can exploit it, available patches, recommended actions, and how CyCognito helps organizations identify and prioritize exposed assets.
Read more about Emerging Threat: CVE-2025-55182 (React2Shell) – React Server Components RCE VulnerabilityCVE-2025-41115 is a critical privilege escalation and user impersonation vulnerability in Grafana Enterprise. An attacker who exploits it can impersonate an administrator, modify dashboards and alerts, access connected databases and observability data, and pivot into other integrated systems.
Read more about Emerging Threat: CVE-2025-41115 – Critical SCIM Privilege Escalation in Grafana EnterpriseRecent enhancements include new asset management permissions, Asset List productivity improvements and additional API capabilities for realm freshness and issue lifecycle control.
Read more about What’s New in CyCognito: October 2025 Platform EnhancementsCVE-2025-64459 is a critical SQL injection flaw in Django’s ORM exposing internet-facing apps to unauthenticated data compromise. Learn which assets are at risk, what patches are available, and how CyCognito helps find and prioritize vulnerable systems across your attack surface.
Read more about Emerging Threat: Django SQL Injection Vulnerability (CVE-2025-64459)
