Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Visibility without control is only half the battle. To truly stay ahead of attackers, security teams need precise access, trusted data, and efficient workflows they can rely on. That’s why we’re continuing to enhance the CyCognito platform with features that improve transparency, streamline operations, and put more power in your hands.

Today we’re releasing findings from a statistical sample of over 2 million internet-exposed assets, across on-prem, cloud, APIs, and web apps, discovered and analyzed by the CyCognito platform.

In today’s high-stakes cybersecurity landscape, one truth stands out: if you can’t see it, you can’t secure it. And if you can’t act on what you see, you’re no better off. That’s why we’re focused on delivering continuous improvements that help security teams move faster, see further, and reduce risk where it matters most.

CyCognito is always seeking additional methods to discover customer external-facing assets. One such resource is an integration with content delivery network (CDN) management systems. Many organizations manage most or all their DNS records with CDNs, as they provide IT and security teams with centralized management visibility.

Pen testers use active testing technologies to probe and analyze systems dynamically, just as an attacker does. Active testing confirms whether a vulnerability is actually exploitable, which security teams use to determine which vulnerabilities to prioritize for remediation. Active security testing delivers confidence, sorely needed in today’s IT security world where noise and false positives have become a major part of an analyst’s day.

External Attack Surface Management (EASM) emerged with a bold promise: to illuminate the dark corners of an organization’s internet-facing infrastructure. It was sold as a panacea for “you don’t know what you don’t know,” offering security leaders the ability to see everything attackers could see. The expectation was straightforward—feed the EASM solution a few IP ranges or domains, and it would map your exposed assets, vulnerabilities, and risks.

We admit it – we’ve had our heads in the clouds recently. Since we started working with Wiz as one of their integration partners, we’ve been spending even more time thinking about cloud assets. And these assets are everywhere! Gartner predicts double digit growth across all cloud segments in 2025.

On April 24th, 2025, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability (CVSS 10.0) affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. This vulnerability fails to restrict file upload content, allowing unauthenticated remote attackers to achieve full remote code execution (RCE) on affected servers.