Security news aggregator

Latest coverage for Attack Surface Management

Attack Surface Management identifies exposed assets and weaknesses so defenders can reduce unknown entry points, prioritize fixes, and limit attacker access.

313 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Attack Surface Management continuously identifies and monitors all digital assets an organization exposes to potential attackers, including internet-facing systems, cloud resources, APIs, employee devices, and third-party connections. This process reveals where vulnerabilities or misconfigurations might exist, which attackers could exploit to gain unauthorized access or move laterally within networks.

Maintaining an accurate, up-to-date inventory of assets enables targeted vulnerability scanning and prioritizes remediation efforts. It also uncovers shadow IT and forgotten resources that often lack security controls. Automated discovery and monitoring tools help sustain visibility over evolving attack surfaces, reducing the risk of exploitation through unknown or unmanaged entry points. This practice is essential for minimizing exposure and supporting effective defensive operations.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 313

Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing workflows at impressive speed. That is a real advantage for security teams. It also

When You Consume AI, You Inherit Every Upstream Risk You Can't SeeMost enterprises don't build AI, they consume it through APIs, open-source models and orchestration frameworks. Each layer inherits upstream risk with little visibility. This piece maps the four-layer AI supply chain and the existing security disciplines that bring it under control.

AI agents are accelerating the growth of non-human identities, making it harder for organizations to understand what exists, who owns it, and what it can access. Netwrix explains why stronger visibility and identity governance are essential as AI expands the enterprise attack surface. [...]

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentication — anything internet-facing is immediately at risk

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems

Bank Info Security 1 month, 2 weeks ago

AI Agents Present Massive New Attack Surface

With Great Capabilities Comes Great RiskArtificial intelligence agents have well and truly arrived and companies of all kinds are rushing to deploy them. But experts warn that agentic AI brings with it a massive new attack surface and highlights the need for a comprehensive, systemic approach to AI security and governance.

Bank Info Security 1 month, 2 weeks ago

How to Secure AI Agents Before They Breach Your Stack

Rinki Sethi of Upwind Security on Fixing Identity Gaps in Agentic AIAgentic workflows introduce layered attack surfaces where each step can pass policy checks yet still cause a breach. Rinki Sethi of Upwind Security says threat modeling and identity governance must be built into agents from the start.

As AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits. The post The readiness paradox: Why a false sense of cyber confidence is becoming a liability appeared first on CyberScoop.

AI Adoption Is Accelerating, but Workforce Capability Isn't Keeping PaceTechnology will continue to evolve. AI will embed itself across enterprise environments and attack surfaces will expand regardless of organizational readiness. The real challenge lies on the upskilling side, where the gap is widening - often without immediate visibility.

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis

Windows Admin Center flaws mean on-prem can attack cloud, and vice-versa Black Hat Asia Israeli researchers found a series of flaws in Microsoft's Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack surface that users don't spend enough time worrying about.…

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.  The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and

Loading more headlines...