New: 2026 Gartner® Market Guide for Adversarial Exposure Validation

Learn More

Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™

Learn More

New Research: Azure Arc Privilege Escalation & Identity Takeover

Learn More

An Inside Look at the Technology Behind Cymulate

Learn More

Cymulate Research Labs

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

Shai-Hulud 2.0 is an advanced npm supply chain attack that compromises packages and exploits CI/CD and SCM credentials.

Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now

Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover

February 17, 2026

New Cymulate WAF Rules: Turn Validation Gaps Into Actionable Defense

January 14, 2026

CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center

December 17, 2025

Uncovered: Improper Attestation Signature Validation in Windows Admin Center

December 15, 2025

CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center

December 10, 2025

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

December 4, 2025

Critical RCE in React Server Components CVE-2025-55182 and CVE-2025-66478: What It Means for Security Teams

December 2, 2025

Testing LLM Resilience: How Cymulate Exposure Validation Simulates Prompt Injection and Jailbreaks

November 20, 2025

Simulating EtherHiding: Blockchain as a Malware

npm Under Siege: Worms, Toolchains and the Next Evolution of Supply Chain Attacks

October 23, 2025

npm Under Siege: Worms, Toolchains and the Next Evolution of Supply Chain Attacks

Patched Twice, Still Bypassed: New NTLM Leak (CVE-2025-59214)

October 16, 2025

Patched Twice, Still Bypassed: New NTLM Leak (CVE-2025-59214)

1 2 3 4 / 4