Security news aggregator

Latest coverage for Exposure

Stay informed on the latest exposure risks in information security. Expert analysis, breach updates, and data leak prevention tips. Stay secure!

25 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Exposure is the condition in which a system, service, credential, vulnerability, or sensitive information is accessible or discoverable by people or systems that should not reach it. In threat modeling, it describes an attack surface or loss of control—not proof that an attacker has succeeded. Examples include an internet-facing administration interface, cloud storage with unintended permissions, a secret committed to source code, or personal data sent to an unintended recipient. Its significance depends on what is exposed, who can reach it, and which protections remain.

The primary defense is exposure reduction: maintain an accurate asset inventory, remove unnecessary public access, enforce least-privilege permissions and strong authentication, patch externally reachable software, and revoke leaked credentials or secrets. Encryption can limit the value of exposed data, but does not correct an exposed access path. Continuous scanning and log review help identify changes and support rapid containment when exposure is discovered.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 25 Filtered view
Trend Micro Research, News and Perspectives 3 weeks, 5 days ago

From Langflow to Monero: Inside CVE-2026-33017 Cryptominer

We tracked a cryptocurrency-mining campaign exploiting CVE-2026-33017, which revealed how threat actors are now scanning exposed AI application infrastructure for their next foothold.

An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supply chain risk.

Trend Micro Research, News and Perspectives 3 months, 2 weeks ago

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.

Trend Micro Research, News and Perspectives 3 months, 2 weeks ago

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads

A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.

Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA.

We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.

Trend Micro Research, News and Perspectives 9 months, 3 weeks ago

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks

Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credentials, creating risks of model tampering and supply chain attacks.

Trend Micro Research, News and Perspectives 1 year, 2 months ago

NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk

Trend Research uncovered misconfigurations in NVIDIA Riva deployments, with two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, contributing to their exposure. These security flaws could lead to unauthorized access, resource abuse, and potential misuse or theft of AI-powered inference services, including speech recognition and text-to-speech processing.

Trend Micro Research, News and Perspectives 1 year, 3 months ago

Strengthen Security with Cyber Risk Advisory

In today’s fast-paced digital world, cyber threats are constantly evolving. Attackers are leveraging advanced techniques and artificial intelligence (AI) to exploit vulnerabilities, leaving organizations vulnerable to breaches and disruptions. To combat these challenges, organizations must stay vigilant and implement more proactive cybersecurity measures. This is where our Cyber Risk Advisory service, powered by the Trend Vision One™ Cyber Risk Exposure Management (CREM) solution, step in to provide a strategic edge.

Trend Micro Research, News and Perspectives 1 year, 3 months ago

CTEM + CREM: Aligning Your Cybersecurity Strategy

Cyber threats evolve daily, and organizations need to move beyond traditional security approaches to stay ahead. That’s why Continuous Threat Exposure Management (CTEM), a concept introduced by Gartner, has been gaining traction. CTEM isn’t just another cybersecurity buzzword; it’s a structured, continuous program designed to help organizations identify, assess, and mitigate security risks proactively. If you’re considering implementing a CTEM program, Trend Vision One TM Cyber Risk Exposure Management (CREM) solution—formerly known as Attack Surface Risk Management (ASRM)—can give you a significant head start.

Loading more headlines...