Avertium

Avertium

https://www.avertium.com
https://www.linkedin.com/company/avertium-cybersecurity/

Avertium is a privately owned company headquartered in the US, founded in 2019 and employing approximately 230 individuals. The company operates as a cybersecurity provider, with its main product focus on computer and network security.

Revenue

Founded

2019

Headcount

221

Headquarters

US

Primary Segment

Computer and Network Security

Ownership

Privately Owned

News Summary:

On March 31, 2026, Avertium published insights on "AI Application Testing: Securing the New Attack Surface," examining how companies traditionally identify attack surfaces within their infrastructure—from servers to people—and how this informs security policy creation. Previously, on March 30, Avertium detailed CVE-2026-21284, a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce that enables high-privileged attackers to inject malicious scripts for session hijacking and unauthorized data access. Earlier in the month, on March 29, the firm's CISO offered advice on adopting AI securely and responsibly, stressing the need to ensure safe and business-aligned scaling of AI to mitigate inherent risks. On March 19, Avertium also highlighted CVE-2026-21536, a critical unauthenticated remote code execution (RCE) vulnerability in the Microsoft Devices Pricing Program (DPP) that allows attackers to upload and execute malicious files without authentication or user interaction. This followed a March 16 assessment of "The Iran Conflict - Global Cyber Operations Risk," which identified a sustained elevation in global cyber risk and accelerated Iranian state-aligned cyber operations.

Subscribe for full access to Avertium's products in full detail

Subscribe for full access to Avertium's revenue in full detail

Mar

31st

2026

18:30

AI Application Testing: Securing the New Attack Surface

For many years, companies have understood the attack surface within their infrastructure. Everything from servers to networks and web applications, even the people, were considered in-scope for security testing. This format and mindset are embedded in the way security policies are created.

Mar

30th

2026

10:27

Stored XSS in Adobe Commerce

overview CVE-2026-21284 is a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce that allows high-privileged attackers to inject malicious scripts into vulnerable form fields. When victims browse pages containing the compromised fields, the malicious JavaScript executes in their browsers, enabling session hijacking and unauthorized access to sensitive data.

Mar

29th

2026

18:30

Advice from a CISO: What It Takes to Adopt AI Securely and Responsibly

As a CISO, my role in AI adoption is not to slow innovation, it’s to ensure it scales safely, responsibly, and in alignment with the business. AI has enormous potential, but without discipline, it can quickly introduce risk faster than most organizations are prepared to manage.

Mar

19th

2026

14:13

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

overview CVE-2026-21536 is a critical unauthenticated remote code execution (RCE) vulnerability in the Microsoft Devices Pricing Program (DPP) caused by unrestricted upload of files with dangerous types (CWE-434), allowing attackers to upload and execute malicious files on the server over the network with no authentication and no user interaction.

Mar

16th

2026

18:30

Emerging Tech, B2B Tag

CTA Campaign Assessment: The Iran Conflict - Global Cyber Operations Risk

1. EXECUTIVE SUMMARY The ongoing Iran‑related geopolitical conflict has resulted in a measurable and sustained elevation in global cyber risk, with Iranian state‑aligned cyber operations accelerating in both tempo and breadth.

Mar

11th

2026

10:14

Fortinet Addresses Critical FortiCloud SSO Authentication Bypass Under Active Exploitation

overview Fortinet has released guidance addressing CVE-2026-24858, a critical authentication bypass vulnerability affecting its FortiOS, FortiManager, and FortiAnalyzer products. With a CVSS score of 9.4, this vulnerability allows attackers to circumvent FortiCloud single sign-on (SSO) authentication and gain unauthorized access to devices registered to other accounts.

Mar

5th

2026

18:30

PCI DSS Scope Explained: Why Compliance Extends Beyond the Cardholder Data Environment

setting the stage for modern pci compliance It has been a little over 21 years since the Payment Card Industry Data Security Standard (PCI DSS) was rolled out to the world in December 2004. The major payment card brands came together as the PCI Security Standards Council (“SSC”) to unify the different payment security programs across Visa, Mastercard, AMEX, Discover, and JCB International.

Mar

2nd

2026

12:09

Cisco Catalyst SD-WAN Authentication Bypass Vulnerability

overview CVE-2026-20127 is a critical authentication bypass vulnerability (CVSS 10.0) in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). It enables an unauthenticated remote attacker to send crafted requests, gain high-privileged non-root access, and manipulate SD-WAN network configurations via NETCONF.

Feb

16th

2026

18:30

Artificial Intelligence, B2B Tag

What CISOs Need Most in the Pursuit of AI Adoption: Data Governance, Risk Reduction, and Visibility

AI is no longer a future‑tense conversation for CISOs. It’s here, embedded across enterprise tools, fueling autonomous agents and shadow AI, accelerating both opportunity and risk at unprecedented speed. With this haste comes a widening readiness gap, and it’s one that places CISOs squarely at the center of determining whether AI becomes a strategic differentiator or a new attack surface hiding in plain sight.

Feb

16th

2026

11:58

Microsoft Word Security Feature Bypass Vulnerability

overview CVE-2026-21514 is a security feature bypass vulnerability in Microsoft Word due to reliance on untrusted inputs in a security decision (CWE-807), allowing an unauthorized local attacker to bypass protections against dangerous COM/OLE controls by opening a specially crafted Word document.

Feb

16th

2026

11:37

Windows Shell Security Feature Bypass Vulnerability

overview CVE-2026-21510 is a Windows Shell security feature bypass vulnerability (CVSS 8.8, rated Important) that allows an unauthorized attacker to bypass protections like Windows SmartScreen and Shell security prompts over a network, potentially enabling code execution.

Feb

9th

2026

09:46

Notepad++ Supply Chain Attack: Undetected Chains and Evolving Payloads

overview Kaspersky researchers uncovered multiple undocumented infection chains in a supply chain attack targeting Notepad++ users from July to October 2025, where attackers compromised the software's update mechanism to deliver Cobalt Strike Beacons and other malware to a limited set of victims, including organizations in Southeast Asia and financial entities.

Analyst insight reports

Beyond the Bundle: Defining the future of digital experiences

Sports rights trends: How sports drives opportunities for media tech and service providers

How AI is impacting media jobs

The customer support report

Subscribe to access all analyst insight reports