Palo Alto, CA, USA
2017
  |  By Rob Gurzeev
Over the past months, I’ve noticed a shift in customer conversations. Coverage, prioritization, emerging threats — those questions have given way to exposed MCP servers, unmanaged AI chatbots, and risks that don’t show up as CVEs. Mythos comes up in every other call. The calculus changed. AI now writes a quarter of production code, with twice as many vulnerabilities. The exploitation window collapsed from days to hours.
  |  By Igal Zeifman
CVE-2026-27577 is a code injection flaw in n8n, an open-source workflow automation platform, that lets an authenticated user with permission to create or modify workflows run system commands on the host through crafted workflow expressions. The vulnerability carries a CVSS base score of 9.4 (Critical). Exploitation requires authentication, but only the level of access needed to build or edit a workflow, which is a routine privilege for many users of the platform.
  |  By Igal Zeifman
CVE-2026-53721 is a route-rule middleware bypass in Nuxt, the open-source web development framework for Vue.js. It stems from a case-sensitivity mismatch between vue-router and the framework’s routeRules matcher, which lets an attacker reach a protected route by varying the casing of the request path. The vulnerability carries a CVSS v4.0 base score of 8.8 (High). Exploitation is pre-authentication and requires no user interaction.
  |  By Igal Zeifman
CVE-2026-49975 is a memory exhaustion vulnerability in the mod_http2 module of Apache HTTP Server that allows a remote attacker to cause a denial of service through maliciously crafted HTTP/2 requests. It is classified as CWE-789, Memory Allocation with Excessive Size Value, and was publicly disclosed as part of an attack technique nicknamed the “HTTP/2 Bomb.” The vulnerability carries a CVSS v3.1 base score of 7.5 (High).
  |  By Igal Zeifman
CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software that lets a remote attacker forge an authentication override cookie and establish an unauthorized VPN connection. The vulnerability carries a CVSS base score of 7.8 (High). It is tracked under CWE-565, reliance on cookies without validation and integrity checking. Exploitation is unauthenticated and requires no user interaction.
  |  By Igal Zeifman
CVE-2026-48172 is an incorrect privilege assignment flaw in the LiteSpeed User-End cPanel Plugin that allows any authenticated cPanel user to execute arbitrary scripts as root. The bug sits in the plugin's lsws.redisAble function, which can be invoked through the standard cPanel JSON API to run code with elevated privileges instead of the calling user's own. The vulnerability carries a CVSS v4.0 base score of 10.0 (Critical).
  |  By Igal Zeifman
Sample of assets impacted by NGINX nginx-poolslip vulnerability, identified by the CyCognito Platform.
  |  By Igal Zeifman
CVE-2026-9082 is an unauthenticated SQL injection vulnerability in Drupal core's database abstraction API, in the path that handles EntityQuery conditions against PostgreSQL backends. User-controllable PHP array keys reach SQL placeholder construction without sanitization, letting a remote attacker inject arbitrary SQL by sending crafted HTTP requests to a vulnerable site. The vulnerability carries a CVSS v3.1 base score of 6.5 (Medium) per NVD.
  |  By Igal Zeifman
CVE-2026-20182 is an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw sits in the peering authentication path of the vdaemon service running over DTLS on UDP port 12346, the same control-plane service involved in CVE-2026-20127 earlier in 2026. It is not a patch bypass of that earlier issue, but a separate weakness in the device-type handling of the control connection handshake.
  |  By Igal Zeifman
CVE-2026-42945, nicknamed "NGINX Rift", is a heap buffer overflow in the ngx_http_rewrite_module component of NGINX. It has sat in the project's source code since 2008. F5 disclosed the flaw on May 13, 2026, after responsible disclosure by researchers at depthfirst, who reported finding it through an autonomous code scanning system.
  |  By CyCognito
Join CyCognito’s CEO Rob N. Gurzeev and Commvault’s Ben Herzberg to uncover what enforcing data security at scale actually requires and how to close the gap between policy and ground truth.
  |  By CyCognito
-Recent breaches show AI risk is already present in many environments, often entering through suppliers, data flows, and integrations. But awareness alone is not enough. CISOs and security leaders must actively manage the expanded attack surface AI creates. In this session, experts from CyCognito and Panorays help you understand how to identify AI relationships, assess the risks they pose, and remediate vulnerabilities before they lead to an incident. You’ll learn.
  |  By CyCognito
See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks.
  |  By CyCognito
"CyCognito is worth every cent we pay and it helps me sleep better because I know we’re checking our internet-facing assets on a regular basis.” —Benjamin Bachmann | Vice President, Group CISO | Ströer.
  |  By CyCognito
“CyCognito provides our company with cutting-edge technology enabling my team to have global visibility into our web-facing assets in an easy-to-use interface.” — Alex Schuchman | Chief Information Security Officer | Colgate-Palmolive Company.
  |  By CyCognito
“I can’t point to another tool that does as thorough a job of exploring and exposing those assets that you didn’t even know you had. It’s so valuable." — Kevin Kealy | Chief Information Security Officer | Scientific Games.
  |  By CyCognito
Hear first hand from Chief Technical Officer, Randy Watkins, as he explains why attack surface mapping is critical to an organization’s security posture and managing their IT assets. Learn how prioritizing security risk helps to cut through a sea of security issues and gives focus to security teams on what is critical.
  |  By CyCognito
Streamline Security Testing with Analytics, Trends, and Reporting: New Cybersecurity Automation Features to Streamline Attack Surface Protection.
  |  By CyCognito
See How CyCognito Monitors Your Subsidiaries for Security Risk.
  |  By CyCognito
Your attack surface has grown, it's now in cloud infrastructure and across subsidiaries and unknown, unmanaged assets are everywhere. How are you finding these? Attackers look for, find and attack these unknown assets and when there are externally exposed risks, sensitive data and critical systems are put in danger. Read now, External Exposure & Attack Surface Management For Dummies.
  |  By CyCognito
CTEM, a comprehensive risk reduction framework, integrates visibility risk assessment, issue prioritization, and validation. This approach facilitates the continuous identification and testing of exposed systems, enhancing decision-making and enabling a more proactive threat response. Download the white paper, Understanding Continuous Threat Exposure Management, to learn about CTEM's core components and how they contribute to cybersecurity resilience, how CTEM addresses the challenge of managing risk on attack surfaces, and how CyCognito's capabilities align with CTEM's requirements.
  |  By CyCognito
With the ever-growing volume of cybersecurity alerts and attacks bombarding security teams, more CISOs are taking a hard look at External Attack Surface Management (EASM) platforms to better understand how adversaries get into systems and how to keep them out. It's not surprising that EASM products have captured the industry's attention, as many organizations are seeing growth of their attack surfaces' growth outpace their detection and remediation abilities. Some of the driving causes: digital transformation, the cloud, third-party dependencies, subsidiary sprawl, and more.
  |  By CyCognito
Your pen testing team is working hard, but they are facing an operational challenge due to the large number of assets they need to test and the time required to complete each test. As the fundamental approach to penetration testing has not changed much since the first test over 50 years ago, it's worth exploring whether the tool is still sufficient for securing today's IT environment.

CyCognito solves one of the most fundamental business problems in cybersecurity: seeing how attackers view your organization, where they are most likely to break in, what systems and assets are at risk and how you can eliminate the exposure.

Founded by national intelligence agency veterans, CyCognito has a deep understanding of how attackers exploit blind spots and a path of least resistance. Based in Palo Alto, CyCognito serves a number of large enterprises and Fortune 500 organizations, including Colgate-Palmolive, Tesco and many others.

Automated external attack surface management and continuous testing reduces your overall risk:

  • Discovery: Proactively uncover exposed external assets — without input or configuration — using attacker reconnaissance approaches.
  • Contextualization: Empower your team to know what an asset does, where it’s located, what other assets it connects to, and how attractive it is from that attacker perspective.
  • Active Security Testing: Launch security testing across your full inventory of external assets, enabling a new level of visibility into risk and the steps needed to reduce it.
  • Prioritization: Automate risk prioritization for external assets to focus your security team’s attention and energy on the 10 to 50 most critical exploited assets that matter the most.
  • Remediation Acceleration: Quickly repair exploitable assets and reduce validation time from months to hours to swiftly prevent data breaches.

Discover, test and prioritize all of your web assets and applications.