Modern Approaches to Vulnerability and Exposure Management
Organizations are facing an overwhelming volume of software vulnerabilities, with over 40,000 new CVEs published in 2024 alone, making traditional vulnerability management approaches unsustainable. This has led to a shift toward exposure management, which focuses on reducing the active attack surface rather than simply closing vulnerability tickets. Exposure management platforms, such as Spektion, employ advanced techniques like behavioral monitoring and pre-CVE detection to identify and prioritize risks based on real-world exploitability, including the discovery of shadow IT and actively loaded vulnerabilities.
To support effective prioritization, the Common Vulnerability Scoring System (CVSS) provides a standardized framework for assessing and communicating the severity of vulnerabilities. The latest version, CVSS v4.0, introduces expanded metric groups and more granular scoring, enabling organizations to better compare vulnerabilities, prioritize mitigation efforts, and communicate risk to stakeholders. Together, these developments in exposure management platforms and vulnerability scoring systems are helping security teams move beyond the "CVE treadmill" and focus resources on the most critical threats.
Related Stories
Evolving Approaches to Security Validation and Vulnerability Management
Organizations are increasingly recognizing that simply investing in cybersecurity technologies such as firewalls, SIEMs, and endpoint detection and response (EDR) platforms does not guarantee effective protection against cyber threats. Despite significant expenditures on these tools, attackers continue to exploit misconfigurations, untested rules, and hidden dependencies that evade even the most advanced security environments. A major challenge lies in the misplaced confidence that security teams place in their technology stack, often assuming that controls are functioning as intended without continuous validation. This lack of ongoing assessment can result in underutilized investments, unnoticed security gaps, and operational inefficiencies, ultimately eroding the return on investment (ROI) of security programs.

Many organizations focus on the costs and budget allocations of their cybersecurity tools but rarely measure whether these investments are actually effective at the point of need. For example, a next-generation firewall may be capable of blocking advanced threats, but improper configuration can leave critical blind spots. Similarly, endpoint protection platforms may fail to trigger detections during real attacks due to internal telemetry gaps.

To address these issues, the cybersecurity industry is witnessing a shift from traditional, periodic vulnerability management (VM) to Continuous Threat Exposure Management (CTEM). CTEM, a term popularized by Gartner, emphasizes the need for continuous, proactive, and automated assessment, prioritization, validation, and remediation of exposures across an organization's entire attack surface. Unlike traditional VM, which is often reactive and manual, CTEM leverages vulnerability and threat intelligence, attack simulation, and threat validation to provide comprehensive visibility and optimize risk prioritization and remediation.
This evolution aims to help organizations coherently understand and manage risk across diverse environments, including endpoints, cloud, SaaS, and code repositories. The adoption of CTEM is driven by the need to address growing vulnerability backlogs, capacity and reliability issues with vulnerability databases, and the demand for actionable, business-aligned risk management. By continuously validating security controls and exposures, organizations can ensure that their investments are delivering measurable protection and are aligned with business outcomes. This approach also helps security teams move away from a perpetual search for new tools and instead focus on optimizing and validating the effectiveness of existing technologies. Ultimately, the integration of continuous validation and CTEM practices is becoming essential for organizations seeking to maximize the ROI of their cybersecurity investments and maintain robust defenses in an increasingly complex threat landscape.
5 months ago

Modern Approaches to Vulnerability Management and Threat Hunting
Security professionals are increasingly leveraging advanced techniques and data-driven strategies to improve vulnerability management and threat hunting. One approach emphasizes using vulnerability data not just for compliance, but as actionable intelligence to guide detection and response efforts. By integrating asset context and business criticality with vulnerability information, organizations can prioritize threats, uncover ongoing compromises, and refine their security posture. This shift transforms traditional vulnerability scans from static checklists into dynamic tools for adversary detection and risk reduction. Complementing this, technical guides and research highlight the importance of identifying and tracking adversary infrastructure, such as Cobalt Strike command-and-control servers, using specialized queries and hunting recipes. Comprehensive pentest data further reveals persistent issues like weak configurations, unpatched software, and poor password policies, underscoring the need for continuous improvement in vulnerability management. Foundational resources, such as the CVE database, remain critical for maintaining a shared understanding of vulnerabilities and supporting effective remediation and compliance efforts.
3 months ago

Risks and Exploitation Gaps in Vulnerability Disclosure and Management
Security teams face significant risk due to delays and gaps in the vulnerability disclosure process, with critical information about new vulnerabilities often taking days or weeks to reach widely used databases like the National Vulnerability Database (NVD). During this window, attackers can exploit vulnerabilities before defenders are even aware of their existence, especially when proof-of-concept exploits are published rapidly. The lack of early visibility and the time lag between CVE assignment, public advisories, and NVD publication create blind spots that can be leveraged by threat actors, underscoring the need for improved vulnerability management workflows and faster dissemination of actionable intelligence. Traditional vulnerability management approaches, which rely heavily on scanner outputs and CVSS scores, often fail to prioritize the most exploitable weaknesses, leading to wasted effort on non-critical issues while missing attack paths that could result in severe compromise. Integrating exploitability validation and business context, for example through autonomous pentesting and continuous verification, enables organizations to focus remediation on vulnerabilities that present real, environment-specific risk. This shift from triage to targeted action is essential for closing attack paths and reducing the window of exposure created by disclosure gaps.
4 months ago