Security Insights
Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven security operations.

January 2024 Top CVE and Vulnerabilities Report
2024 is off to a crazy start in the cybersecurity world! Acquisitions are happening left, right, and center, and new cyber threats are emerging like weeds after a rainstorm. But fear not, security warriors! We're here to dish on the hottest vulnerabilities that have popped up this January, the kind

Difference in Traditional Vulnerability Management vs. Risk-Based Vulnerability Management
The key difference between risk-based vulnerability management (RBVM) and traditional vulnerability management lies in prioritization. While both are concerned with identifying and addressing vulnerabilities, they take different approaches to deciding which vulnerabilities to tackle first. Risk Base

New Feature: Grouping Vulnerabilities To Streamline Patch Management
As someone who's been neck-deep in the world of cybersecurity for years, I've seen my fair share of "innovative" features come and go. Most don't fundamentally shift how we do things; they're just incremental improvements. However, every now and then, something comes along that really changes the ga

Offensive Security 101: Everything You Need to Know
For most, the term "offensive" evokes images of aggression and harm. But in cybersecurity, offensive security takes on a whole new meaning: proactive, strategic, and ultimately, robust security. That's the essence of offensive security, a practice that's rapidly evolving from a niche expertise to a

Understanding GitLab's Critical Security Release: CVE-2023-5009
Overview of the Vulnerability: GitLab's recent critical security release addresses a vulnerability identified as CVE-2023-5009. This vulnerability, with a CVSS score of 9.6, posed a significant risk, particularly in the pipeline execution processes of GitLab's software. It affected versions before 16

Use Case: Rapid Identification and Escalation of a Critical Threat by Strobes ASM
Introduction: In a recent critical incident, Strobes ASM, an attack surface management platform, played a key role in identifying and mitigating a severe threat in a custom-made WordPress application. The application was designed to require authentication for access, but due to a misconfiguration in

Strobes Custom Dashboards: Redefining Risk-Based Vulnerability Management
Say goodbye to generic dashboards and hello to customized vulnerability insights! Strobes' new custom vulnerability management dashboard feature injects a potent dose of personalization into your RBVM strategy. Let’s dive into the nitty-gritty of this feature and uncover how it revolutionizes the wa

Top 13 Cybersecurity Companies in US of 2025
With new threats emerging and existing ones becoming more sophisticated, cybersecurity is no longer a quiet backroom concern. Failure to prioritize cybersecurity leaves businesses, governments, and individuals vulnerable to crippling attacks with far-reaching consequences. To stay ahead of the curve

Strobes 2023 Pentesting Recap: Trends, Stats, and How PTaaS is Transforming Cybersecurity
Like every year, we are releasing some research and analysis around our pen-testing in 2023. This article covers key penetration testing statistics, including what category of vulnerabilities we commonly report across hundreds of customers, and how we reduce compliance times and turnaround time when

Attack Surface Management: What is it? Why do you need it?
Traditional asset inventory and vulnerability management software can’t keep up to date with the growing attack surface and morphing vulnerabilities. Contrary to other cybersecurity software, Attack Surface Management software operates from a hacker’s perspective which brings the SOCs and security t

A Critical Remote Code Execution (RCE) Vulnerability in Apache Struts2 Flaw Puts Your Web Apps at Risk
The web development world is constantly on guard against security threats, and a recent discovery in the popular Apache Struts2 framework serves as a stark reminder. This critical Remote Code Execution vulnerability, known as CVE-2023-50164, exposes a serious flaw that could allow malicious actors t

6 Must-Ask Questions Before Choosing a Penetration Testing Vendor
Choosing the right penetration testing vendor is critical to safeguarding your business. Before committing, CISOs and decision-makers must ask the right questions about expertise, certifications, testing methodology, reporting, compliance, and cost transparency. This guide outlines six must-ask ques