Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security teams need clear signals, fast investigations and enablement that fits into existing workflows. The latest CyCognito updates focus on improving posture visibility, expanding user learning in-app, and streamlining asset and issue review. Recent enhancements include a new beta Homepage, CyCognito Academy, list view improvements and expanded notification controls.

When Gartner introduced Continuous Threat Exposure Management (CTEM) in 2022, it formalized a problem security teams had been struggling with for years: patching large volumes of vulnerabilities was not translating into meaningful risk reduction. CTEM reframed the problem. Instead of measuring progress by the number of CVEs addressed, it shifted focus to whether attackers could actually reach and exploit assets that matter to the business. What Gartner did not provide was a concrete recipe for execution.

CVE-2026-24858 is an authentication bypass vulnerability affecting FortiCloud’s Single Sign-On (SSO) implementation. Under certain conditions, the flaw allows an unauthenticated attacker to bypass standard authentication checks and gain access to FortiCloud services without valid credentials. The root cause is tied to insufficient validation within the SSO authentication flow, where trust boundaries between identity assertions and session establishment are not enforced strictly enough.

CVE-2025-15467 is a stack-based buffer overflow vulnerability in the Cryptographic Message Syntax (CMS) implementation of OpenSSL, specifically within handling of AuthEnvelopedData structures. The flaw occurs during parsing of attacker-controlled CMS messages where length fields are not sufficiently validated before being copied into fixed-size stack buffers.

CVE-2026-24061 is an authentication bypass vulnerability affecting the Telnet service provided by GNU Inetutils. The issue allows an unauthenticated remote attacker to bypass expected authentication checks and gain access to the Telnet service under certain conditions.

Exposure management depends on the ability to consistently observe and attribute externally reachable systems. Domains are commonly treated as stable identifiers, resolving to IP addresses that can be associated with specific assets and monitored over time. In modern enterprise environments, this assumption increasingly fails. In many architectures, IP addresses function as routing mechanisms rather than stable identifiers, changing as traffic is distributed and infrastructure is rebalanced.

CVE-2025-14733 is a high-severity authentication bypass vulnerability affecting a widely deployed enterprise web application platform used to manage administrative and API access. The flaw allows attackers to bypass authentication controls under specific conditions by manipulating request parameters and session handling logic.

On December 3 2025, the React team released patched versions of the affected React Server Components packages. Framework vendors, including Next.js, provided updated builds on the same day. Any environment using React Server Components or frameworks that embed the RSC pipeline should.

CVE-2025-41115 is a critical privilege escalation and user-impersonation vulnerability in Grafana Enterprise. The issue occurs within the SCIM (System for Cross-domain Identity Management) provisioning feature. When SCIM is enabled, Grafana incorrectly maps the externalId field supplied by a SCIM client to an internal user.uid.