New at Horizon3.ai

Mythos has collapsed the attack path. | Learn how to prove your defenses now. →

Resource Center

Welcome to our cybersecurity resource center where we uncover how malicious actors exploit weaknesses in systems, while going beyond the technical aspects and examining real-world perspectives across various industries.

LATEST VULNERABILITIES

Bomb Streamline Icon: https://streamlinehq.com

CVE-2026-9082

CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core affecting PostgreSQL-backed deployments. The flaw allows unauthenticated attackers to execute arbitrary SQL queries and potentially compromise affected environments.
Read More →
Bomb Streamline Icon: https://streamlinehq.com

CVE-2026-23734

CVE-2026-23734 is a critical path traversal vulnerability affecting XWiki’s xwiki-commons-classloader-api component. The flaw may allow unauthenticated attackers to access sensitive configuration files through crafted ssx and jsx endpoint requests.
Read More →

SEARCH

CATEGORIES

TAGS

SEARCH

    Whitepapers

    The 2026 Buyer’s Guide to Penetration Testing

    May 20, 2026
    The 2026 Buyer’s Guide to Penetration Testing explains how security leaders are reevaluating pentesting based on exploitability, validation, and real-world attack paths.
    Read More →
    Cybersecurity evaluation guide focused on penetration testing, attack path validation, exploitability, and measurable risk reduction
    Customer Stories

    From Point-in-Time Testing to Continuous Security Validation

    May 18, 2026
    Learn how Mid Devon District Council moved beyond annual pentests to continuously validate exploitable risk, strengthen identity security, and accelerate remediation with autonomous pentesting.
    Read More →
    Horizon3.ai customer story booklet for Mid Devon District Council focused on continuous security validation and autonomous pentesting
    Whitepapers

    Strengthen Supply Chain Security for CMMC

    May 18, 2026
    This whitepaper explains how organizations can move beyond CMMC compliance to continuously validate real-world security across the supply chain.
    Read More →
    Blogs

    You’re Only as Secure as Your Last Evaluation

    May 18, 2026
    CMMC is shifting cybersecurity from periodic compliance to continuous validation across the Defense Industrial Base supply chain.
    Read More →
    Chart showing the phased implementation timeline for updated CMMC requirements across the Defense Industrial Base
    Blogs

    From Patch Tuesday to Pentest Wednesday®: How a Software Provider Closed Unknown Paths to Cloud Compromise

    May 13, 2026
    A healthcare software provider uncovered hidden attack paths to AWS compromise and transformed security operations through continuous validation.
    Read More →
    Pentest Wednesday banner featuring NodeZero and the Find-Fix-Verify security testing rhythm
    Attack Blogs, Attack Research, Blogs, Disclosures

    Autonomous AI Cyber Defense You Can Trust in Production

    May 6, 2026
    New research reveals how to make AI-powered cyber defense safe, stable, and reliable for real-world deployment.
    Read More →
    Horizon3.ai logo banner
    Whitepapers

    Unifying SOC and ITSM

    May 5, 2026
    A leadership guide to aligning SOC and ITSM teams using evidence-driven cyber risk management and real-world validation.
    Read More →
    Whitepaper mockup for bringing SOC and ITSM together to improve security operations and response workflows
    Video

    Webinar: When Conflict Extends Into Cyberspace

    Using Threat Actor Intelligence to Respond to Iranian Cyber Activity Recent Iranian cyber activity reveals a strategic shift toward a decentralized, opportunistic model. Rather than highly bespoke campaigns, operators are increasingly acting like "cyber guerrillas” by rapidly weaponizing newly disclosed VPN and edge device vulnerabilities to chain internet-facing exposures into enterprise-wide compromise. If your organization…
    Watch Now →
    Cybersecurity webinar on Iranian threat actors, attack paths, and threat intelligence for identifying real-world cyber risk
    Factsheets

    Project Glasswing & NodeZero® factsheet

    April 28, 2026
    See how Glasswing and NodeZero combine to identify vulnerabilities and validate which ones can actually be exploited.
    Read More →
    Project Mythos factsheet highlighting attack path validation and exposure management insights
    Video

    Webinar: Beyond the Mythos Hype

    Mythos Didn’t Break Cybersecurity. It Exposed What Was Already Broken. What the "Vulnpocalypse" Actually Means With the emergence of Anthropic’s Mythos, the narrative is clear: AI can now find, validate, and weaponize vulnerabilities faster than ever before. But is Mythos actually breaking cybersecurity, or is it simply exposing a foundation that was already cracked? Join us…
    Watch Now →
    Webinar on Mythos and AI-driven vulnerability discovery discussing exploitability, attack paths, and cybersecurity strategy