Expert insights on cybersecurity, attack surface management, and compliance — helping you stay ahead of emerging threats.
A zero-day in Adobe Acrobat Reader has been silently exploited since at least December 2025. CISA added CVE-2026-34621 to its KEV catalog on April 13 after Adobe released an emergency patch. Every enterprise running unpatched Acrobat is exposed.
A pre-authenticated remote code execution flaw in Marimo was exploited within 10 hours of disclosure. The attacker needed no public exploit code — only the advisory text. Here is what happened and why AI development tools are a growing attack surface.
NIS2 Article 21 requires organizations to implement risk-based vulnerability management — but most teams focus on the scanning side and miss the exposure side. Here is what the directive actually demands, where the gap is, and how to close it.
The March 2026 breach of the European Commission's AWS infrastructure did not just expose personal data — it handed attackers cryptographic signing keys that let them forge email from official EU domains. As of April 2026, those keys have not been publicly confirmed as rotated.
CISA added CVE-2026-1340 to KEV on April 8. Both Ivanti EPMM zero-days are now in mass exploitation — including 20+ confirmed compromises in Germany. Here is what the attack looks like and how to respond.
A PhaaS platform called EvilTokens has enabled a campaign that compromised 340+ Microsoft 365 organizations across five countries, including Germany, by exploiting a legitimate OAuth authentication flow that bypasses MFA entirely.
Fortinet released an emergency hotfix for CVE-2026-35616 after attackers began exploiting a pre-authentication API bypass in FortiClient EMS. CISA added it to KEV on April 6. Over 2,000 instances are internet-exposed, with significant concentration in Germany.
The fourth actively exploited Chrome zero-day of 2026 exposes a systemic gap: most mid-market organizations have no browser patch management. Here is why that matters and what to do about it.
Anthropic's Claude Mythos Preview can autonomously find and exploit zero-day vulnerabilities. For security teams, this changes the threat model and the urgency of defensive investment.
CISA added CVE-2026-3055 to KEV on March 30 after active exploitation. Organizations using NetScaler SAML IdP paths should treat this as immediate exposure reduction work.
CISA added CVE-2026-33634 to KEV on March 26 after active exploitation evidence. Teams using Trivy in CI/CD should treat this as an immediate exposure review.
CISA has KEV-listed CVE-2026-33017 for active exploitation. Organizations using Langflow should treat external exposure and upgrade execution as immediate priorities.
CISA has KEV-listed CVE-2025-32432 (Craft CMS) and CVE-2025-54068 (Laravel Livewire) for active exploitation. CMS and framework teams should treat patching as an immediate priority.
Thousands of FortiGate firewalls are still running with factory default credentials. Here's why this keeps happening and what attackers do with that access.
CISA has KEV-listed CVE-2026-20131 after active exploitation. Security teams should treat Cisco firewall management exposure as an immediate remediation priority.
Most organizations don't know what attackers can see. External Attack Surface Management closes this gap — before threat actors exploit it.
NIS2 expands cybersecurity obligations to thousands of German companies. Here's what changes, who is affected, and how to prepare.
Phishing remains the #1 initial access vector. Understanding how these attacks work is the first step to building resilience.
Two terms often confused, but fundamentally different approaches. Understanding the distinction is key to choosing the right security assessment.