Vercel Employee's AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Attack Surface Management identifies exposed assets and weaknesses so defenders can reduce unknown entry points, prioritize fixes, and limit attacker access.
Search across headline titles and summaries.
Background for this topic.
Attack Surface Management continuously identifies and monitors all digital assets an organization exposes to potential attackers, including internet-facing systems, cloud resources, APIs, employee devices, and third-party connections. This process reveals where vulnerabilities or misconfigurations might exist, which attackers could exploit to gain unauthorized access or move laterally within networks.
Maintaining an accurate, up-to-date inventory of assets enables targeted vulnerability scanning and prioritizes remediation efforts. It also uncovers shadow IT and forgotten resources that often lack security controls. Automated discovery and monitoring tools help sustain visibility over evolving attack surfaces, reducing the risk of exploitation through unknown or unmanaged entry points. This practice is essential for minimizing exposure and supporting effective defensive operations.
Weekly headline count for the current query.
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management.
In this edition of "Reporters' Notebook," we discuss cyberattackers targeting the Milan-Cortina Winter Games, adding them to a long list of global sporting events in the crosshairs. Though the attack surface is grander, there are key incident-response takeaways for regular enterprises, too.
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.
As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface.
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access.
A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding attack surface.
Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.
The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors.
Windows 10 reaches end-of-life on Oct. 14, which will triple the number of vulnerable enterprise systems and create a massive attack surface for cybercriminals.
The cloud now acts as the connecting infrastructure for many companies' assets — from IoT devices to workstations to applications and workloads — exposing the edge to threats.
VisionSpace Technologies' Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA 2025 News Desk.
For browsers, exploitation is out — getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they've accepted the challenge.
Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.
TenableOne now pulls in data from AWS, Microsoft, and competitors to provide a holistic security view of the organization's attack surface.
Capital One executives share insights on how organizations should design their security program, implement passwordless technologies, and reduce their attack surface.
Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.
A veritable grab bag of tools used to access critical infrastructure networks are wildly insecure, and they're blobbing together to create a widening attack surface.
As attack surfaces increase, partner networks widen, and security teams remain stretched, vulnerabilities and errors continue to be a daunting challenge.
With every new third-party provider and partner, an organization's attack surface grows. How, then, do enterprises use threat intelligence to enhance their third-party risk management efforts?