Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you’re part of a cloud-first organization, building in fintech, healthcare, SaaS, or any environment where infrastructure shifts fast and data matters, external risk isn’t theoretical; it’s operational, with breach patterns evolving and compliance expectations tightening, visibility into what you’ve exposed online is no longer optional.

Your API attack surface is larger and more exposed than you realize. In today's complex, cloud-native environment, APIs are deployed at an astonishing rate. While this rapid pace fuels innovation, it also creates a significant visibility gap. The APIs you are aware of and manage are only the tip of the iceberg. Your actual risk exists beneath the surface, in the undocumented, unmanaged, and forgotten APIs that traditional security tools completely overlook.

Our DevOps environment moves fast. Cloud instances spin up and down. Containers launch and retire. New APIs appear without warning. Trying to track it all with scripts, spreadsheets, and one-off scans meant I often missed things. A TLS certificate would slip through. An open port would go unnoticed. I’d spend hours chasing down who owned an asset.

Security teams juggle a multitude of tools to keep their organizations safe. One platform scans for exposed assets, another tracks vulnerabilities, and yet another manages remediation tasks – and the list goes on. Organizations use an average of 38 different security products, leading to fragmented processes and a lot of “noise” in the form of findings. It’s no surprise that 85% of security professionals say all this noise makes it challenging to reduce risk quickly.

The cybersecurity industry has long been caught in the pendulum swing between platform consolidation and best-of-breed solutions. According to a recent Team8 CISO Village survey, it seems that pendulum may be swinging from recent years where consolidated platforms led the market back to best-of-breed. The survey reveals that 60% of CISOs now favor best-of-breed technologies over consolidated platforms.

Visibility without control is only half the battle. To truly stay ahead of attackers, security teams need precise access, trusted data, and efficient workflows they can rely on. That’s why we’re continuing to enhance the CyCognito platform with features that improve transparency, streamline operations, and put more power in your hands.

A critical remote code execution vulnerability, CVE-2025-54309, has been identified in CrushFTP server, impacting versions prior to 10.8.5 and 11.3.4_23. This vulnerability exists when the DMZ proxy feature is not in use. It stems from improper validation in the AS2 (Applicability Statement 2) protocol over HTTPS, allowing unauthenticated remote attackers to gain administrative access to the system.

Microsoft recently disclosed a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770. This flaw has been actively exploited in the wild, making it a high-priority concern for enterprises relying on SharePoint for content management and collaboration. In this blog, we’ll unpack the technical root of the vulnerability, how exploitation works, the risks posed, mitigation steps, and what to do if you think you may be impacted. In this article.

Today we’re releasing findings from a statistical sample of over 2 million internet-exposed assets, across on-prem, cloud, APIs, and web apps, discovered and analyzed by the CyCognito platform.