#attacksurface

derPUPE<p>„One day my son, <br>all this <a href="https://chaos.social/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <br>will be yours!“</p>
Wulfy<p>Chapter No.312 in the "AI is useless piece of shit with no use cases"</p><p>Prompt:<br>"I want you to add all the attack vectors, patterns and algorithms for NginX, Wordpress, Cadvisor... etc... Can you pull them from the web for me? I want a swiss army knife nginx error log parser"</p><p>Output:<br>&lt;Creates a log parser bash script ready to feed prometheus telemetry for Grafana monitoring&gt; ...</p><p>Is it perfect?<br>Fsck no.<br>Is it good enough for my <a href="https://infosec.exchange/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosted</span></a> <a href="https://infosec.exchange/tags/attacksurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacksurface</span></a> telemetry?<br>Fsck Yes.</p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/Vibecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vibecoding</span></a> <a href="https://infosec.exchange/tags/Grafana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Grafana</span></a> <a href="https://infosec.exchange/tags/PromptEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PromptEngineering</span></a> <a href="https://infosec.exchange/tags/GitGud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitGud</span></a></p>
Christoffer S.<p>Pretty cool research and "framework" from Guardz regarding Microsoft 365 Copilot attack surface.</p><p>I don't necessarily see that these surfaces have been tested or tried, so it's more of a theory from what I can gather.</p><p>But if there's some demonstrations that these methods actually do work, well that would be pretty nice demo material.</p><p><a href="https://guardz.com/blog/unpacking-the-microsoft-365-copilot-attack-surface/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">guardz.com/blog/unpacking-the-</span><span class="invisible">microsoft-365-copilot-attack-surface/</span></a></p><p><a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://swecyb.com/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://swecyb.com/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://swecyb.com/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://swecyb.com/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a></p>
Marco Ciappelli🎙️✨:verified: :donor:<p>🎯 NOW PUBLISHING: On-Location Coverage from <a href="https://infosec.exchange/tags/BlackHatUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackHatUSA</span></a> 2025!</p><p>We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!</p><p>🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!</p><p>We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏</p><p>The Often-Overlooked Truth in <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a>: Seeing the Unseen in Vulnerability Management</p><p>Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.</p><p>HD Moore, founder and CEO of runZero and creator of <a href="https://infosec.exchange/tags/Metasploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metasploit</span></a>, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. 
Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while <a href="https://infosec.exchange/tags/shadowIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shadowIT</span></a>, legacy hardware, and misconfigured devices remain invisible.</p><p>Key insights from our conversation: </p><p>• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had </p><p>• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days </p><p>• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls </p><p>• Traditional agent-based tools can't see what attackers see</p><p><a href="https://infosec.exchange/tags/RunZero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RunZero</span></a> inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. 
This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.</p><p>📺 Watch the video: <a href="https://youtu.be/hkKJsKUugIU" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/hkKJsKUugIU</span><span class="invisible"></span></a> </p><p>🎧 Listen to the podcast: <a href="https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">brand-stories-podcast.simpleca</span><span class="invisible">st.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw</span></a> 📖 Read the blog: <a href="https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">itspmagazine.com/their-stories</span><span class="invisible">/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story</span></a></p><p>➤ Learn more about RunZero: <a href="https://itspm.ag/runzero-5733" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">itspm.ag/runzero-5733</span><span class="invisible"></span></a> 
</p><p>✦ Catch more stories from RunZero: <a href="https://www.itspmagazine.com/directory/runzero" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">itspmagazine.com/directory/run</span><span class="invisible">zero</span></a> </p><p>🎪 Follow all of our <a href="https://infosec.exchange/tags/BHUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BHUSA</span></a> 2025 coverage: <a href="https://www.itspmagazine.com/bhusa25" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">itspmagazine.com/bhusa25</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityManagement</span></a> <a href="https://infosec.exchange/tags/AssetDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AssetDiscovery</span></a> <a href="https://infosec.exchange/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://infosec.exchange/tags/BlackHatUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackHatUSA</span></a> <a href="https://infosec.exchange/tags/BHUSA25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BHUSA25</span></a> <a href="https://infosec.exchange/tags/ShadowIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShadowIT</span></a> <a href="https://infosec.exchange/tags/SecurityVisibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityVisibility</span></a> <a href="https://infosec.exchange/tags/Metasploit" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>Metasploit</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
OWASP Amass<p>Everyone's making final updates for the initial release of <span class="h-card" translate="no"><a href="https://infosec.exchange/@owasp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>owasp</span></a></span> Amass v5!</p><p>Register and join our workshop at <span class="h-card" translate="no"><a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>defcon</span></a></span> for additional details: <a href="https://lu.ma/hf83v61c" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">lu.ma/hf83v61c</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/recon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>recon</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>osint</span></a> <a href="https://infosec.exchange/tags/attacksurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacksurface</span></a> <span class="h-card" translate="no"><a href="https://bird.makeup/users/defconowasp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>defconowasp</span></a></span></p>
ADMIN magazine<p>From the ADMIN Update newsletter: Learn how the tools used in attack surface management help identify attack surfaces more precisely and respond to changes in risk situations<br><a href="https://www.admin-magazine.com/Archive/2025/85/ASM-tools-and-strategies-for-threat-management?utm_source=mam" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">admin-magazine.com/Archive/202</span><span class="invisible">5/85/ASM-tools-and-strategies-for-threat-management?utm_source=mam</span></a><br><a href="https://hachyderm.io/tags/ASM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ASM</span></a> <a href="https://hachyderm.io/tags/tools" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tools</span></a> <a href="https://hachyderm.io/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://hachyderm.io/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://hachyderm.io/tags/SaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaaS</span></a></p>
OWASP Amass<p>If you're planning to attend <span class="h-card" translate="no"><a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>defcon</span></a></span> 33, and would like to quickly get up to speed on the upcoming Amass v5.0 release, then please consider registering for this workshop being hosted in the <span class="h-card" translate="no"><a href="https://infosec.exchange/@owasp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>owasp</span></a></span> Community Room!</p><p><a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/owasp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>owasp</span></a> <a href="https://infosec.exchange/tags/recon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>recon</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>osint</span></a> <a href="https://infosec.exchange/tags/DEFCON" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEFCON</span></a> <a href="https://infosec.exchange/tags/attacksurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacksurface</span></a></p><p><a href="https://lu.ma/hf83v61c" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">lu.ma/hf83v61c</span><span class="invisible"></span></a></p>
LMG Security<p>New mass scanning activity may be the first step in another MOVEit attack.</p><p>Hackers are actively scanning the internet for exposed MOVEit systems—hundreds of unique IPs every day—suggesting the early stages of coordinated exploitation.</p><p>Threat intel firm GreyNoise warns this is the same pattern seen weeks before past mass attacks. Known MOVEit vulnerabilities, such as CVE-2023-34362 and CVE-2023-36934, are already being tested in the wild.</p><p>If your MOVEit Transfer instance is online and unmonitored, you may already be on an attacker’s target list.</p><p>Now’s the time to:<br>• Patch all known MOVEit vulnerabilities<br>• Limit public-facing access<br>• Monitor for scan activity and open ports<br>• Block IPs identified by threat intelligence feeds<br>• Harden file transfer environments and deploy honeypots if needed</p><p>Scanning isn’t random—it’s reconnaissance. Act now before scanning turns into breach.</p><p>Read the article for details: <a href="https://www.cuinfosecurity.com/scans-probing-for-moveit-systems-may-be-precursor-to-attacks-a-28832" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cuinfosecurity.com/scans-probi</span><span class="invisible">ng-for-moveit-systems-may-be-precursor-to-attacks-a-28832</span></a></p><p><a href="https://infosec.exchange/tags/MOVEit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MOVEit</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/MassScanning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MassScanning</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/AttackSurface" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://infosec.exchange/tags/LMGSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LMGSecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>penetrationtesting</span></a></p>
The DefendOps Diaries<p>Your digital defenses might be hiding more vulnerabilities than you think. Attackers are using automation to map every potential entry point—learn how next-gen Attack Surface Management is flipping the script on cyber threats.</p><p><a href="https://thedefendopsdiaries.com/enhancing-cybersecurity-with-attack-surface-management/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/enhanc</span><span class="invisible">ing-cybersecurity-with-attack-surface-management/</span></a></p><p><a href="https://infosec.exchange/tags/attacksurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacksurface</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/automation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>automation</span></a><br><a href="https://infosec.exchange/tags/riskmanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>riskmanagement</span></a><br><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Andrew 🌻 Brandt 🐇<p>It sometimes pays to run domains that serve purely as spam honeypots. Case in point: A spammer has been delivering a ConnectWise commercial remote access client application as a payload in a scam that uses the purported arrival of a US Social Security statement as its hook.</p><p>A 🧵 ...</p><p><a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConnectWise</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spam</span></a> <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malspam</span></a> <a href="https://infosec.exchange/tags/attacksurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacksurface</span></a> <a href="https://infosec.exchange/tags/SocialSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialSecurity</span></a> <a href="https://infosec.exchange/tags/SocialSecurityAdministration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialSecurityAdministration</span></a> <a href="https://infosec.exchange/tags/SSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSA</span></a> <a href="https://infosec.exchange/tags/usgov" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>usgov</span></a></p>
DeadSwitch @ T0m's 1T C4fe<p>Inside the Silence: The Daemon Watches You <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/HackerMindset" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerMindset</span></a> <a href="https://mastodon.social/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://mastodon.social/tags/DigitalSurveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalSurveillance</span></a> <a href="https://mastodon.social/tags/PersistentThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PersistentThreats</span></a> <a href="https://mastodon.social/tags/CyberAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAwareness</span></a> <a href="https://mastodon.social/tags/SmallBusinessSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmallBusinessSecurity</span></a> <a href="https://mastodon.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.social/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberThreats</span></a> <a href="https://mastodon.social/tags/SecurityTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityTips</span></a> <a href="https://mastodon.social/tags/OPSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OPSEC</span></a> <a href="https://mastodon.social/tags/CyberDefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberDefense</span></a> <a href="https://mastodon.social/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>AttackSurface</span></a> <a href="https://mastodon.social/tags/DigitalPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalPrivacy</span></a> <a href="https://mastodon.social/tags/OpenSourceSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSourceSecurity</span></a> <a href="https://mastodon.social/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModeling</span></a> <a href="https://mastodon.social/tags/CyberProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberProtection</span></a> <a href="https://mastodon.social/tags/SecurityStrategy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityStrategy</span></a> <a href="https://mastodon.social/tags/AdversaryEmulation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AdversaryEmulation</span></a> <a href="https://mastodon.social/tags/SecurityAwareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityAwareness</span></a></p><p><a href="http://tomsitcafe.com/2025/04/09/%f0%9f%95%b6%ef%b8%8f-inside-the-silence-the-daemon-watches-you/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">tomsitcafe.com/2025/04/09/%f0%</span><span class="invisible">9f%95%b6%ef%b8%8f-inside-the-silence-the-daemon-watches-you/</span></a></p>
The Privacy Foundation<p>Musk/DOGE is a widely exposed single point of failure for international security. All it takes is for a state to overcome the personal security of inexperienced barely-post-tweens to essentially access all American information. There is no oversight on how the people's data is being handled. This is the worst kind of attack surface possible.</p><p><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/doge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>doge</span></a> <a href="https://mastodon.social/tags/maga" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>maga</span></a> <a href="https://mastodon.social/tags/uspol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>uspol</span></a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.social/tags/data" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>data</span></a> <a href="https://mastodon.social/tags/attacksurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacksurface</span></a> <a href="https://mastodon.social/tags/trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trump</span></a></p>
AJCxZ0<p>Assets.</p><p>Thank you, <span class="h-card" translate="no"><a href="https://infosec.exchange/@runZeroInc" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>runZeroInc</span></a></span>.</p><p><a href="https://infosec.exchange/tags/runZero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>runZero</span></a> <a href="https://infosec.exchange/tags/AssetDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AssetDiscovery</span></a> <a href="https://infosec.exchange/tags/NetworkDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkDiscovery</span></a> <a href="https://infosec.exchange/tags/NetworkScanning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkScanning</span></a> <a href="https://infosec.exchange/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://infosec.exchange/tags/CAASM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CAASM</span></a> <a href="https://infosec.exchange/tags/CyberAssetAttackSurfaceManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAssetAttackSurfaceManagement</span></a> <a href="https://infosec.exchange/tags/ExposureManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ExposureManagement</span></a> <a href="https://infosec.exchange/tags/InformationSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InformationSecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
Doug Bostrom<p>Ideally, security schemes ought to _shrink_ the <a href="https://scicomm.xyz/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a>.</p><p>But shrunken attack surfaces are not very glossy. Complexity must be introduced in order to sell bolting on yet another business plan, products and services.</p><p>Here a vulnerability and easy low-skill common point of unauthorized entry was purchased at great cost by customers thinking they were becoming safer, even as by so doing they were expanding the perimeter of their <a href="https://scicomm.xyz/tags/ThreatHorizon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHorizon</span></a>.</p><p><a href="https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/01/09/zer</span><span class="invisible">oday_exploits_ivanti/</span></a></p>
Pyrzout :vm:<p>What It Takes to Defend Against Cyber Threats and Dark Web Risks: Here’s What You Need to Know <a href="https://thecyberexpress.com/saket-verma-on-dark-web-trends/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thecyberexpress.com/saket-verm</span><span class="invisible">a-on-dark-web-trends/</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpressNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpressNews</span></a> <a href="https://social.skynetcloud.site/tags/CybersecurityIndia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityIndia</span></a> <a href="https://social.skynetcloud.site/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://social.skynetcloud.site/tags/CybersecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/DarkWebmonitoring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DarkWebmonitoring</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpress</span></a> <a href="https://social.skynetcloud.site/tags/FirewallDaily" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirewallDaily</span></a> <a href="https://social.skynetcloud.site/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://social.skynetcloud.site/tags/SaketVerma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaketVerma</span></a> <a href="https://social.skynetcloud.site/tags/darkweb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>darkweb</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>&gt; Malicious VSCode extensions with 229M installs found on Microsoft marketplace </p><p><a href="https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-229m-installs-found-on-microsoft-marketplace/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/malicious-vscode-extensions-with-229m-installs-found-on-microsoft-marketplace/</span></a></p><p><a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/vscode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vscode</span></a> <a href="https://mastodon.social/tags/extension" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>extension</span></a> <a href="https://mastodon.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a> <a href="https://mastodon.social/tags/ide" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ide</span></a> <a href="https://mastodon.social/tags/attackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attackSurface</span></a> <a href="https://mastodon.social/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoft</span></a> <a href="https://mastodon.social/tags/ide" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ide</span></a></p>
🇺🇦PhotoSniperFox🇺🇦<p><a href="https://universeodon.com/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> plans to <a href="https://universeodon.com/tags/force" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>force</span></a> all users to use <a href="https://universeodon.com/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Copilot</span></a> and <a href="https://universeodon.com/tags/Recall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Recall</span></a>, two non- <a href="https://universeodon.com/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> algorithms, to keep a <a href="https://universeodon.com/tags/database" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>database</span></a> of past user actions so a user can return to them.<br>Neat idea. How will they deal with the <a href="https://universeodon.com/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://universeodon.com/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> it creates and how it makes you less <a href="https://universeodon.com/tags/safe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>safe</span></a>?</p><p>"Absolutely! Installing <a href="https://universeodon.com/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> is an alternative approach to avoid using Recall on your system. 
Linux provides a wide range of distributions (<a href="https://universeodon.com/tags/distros" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distros</span></a>) that cater to different preferences and use cases."<br>Actual Microsoft Employee</p><p><a href="https://www.computerworld.com/article/2123524/windows-recall-a-privacy-nightmare.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">computerworld.com/article/2123</span><span class="invisible">524/windows-recall-a-privacy-nightmare.html</span></a></p><p><a href="https://universeodon.com/tags/PopOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PopOS</span></a> for me: <a href="https://pop.system76.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pop.system76.com/</span><span class="invisible"></span></a></p><p>Distro finder: <a href="https://distrochooser.de/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">distrochooser.de/</span><span class="invisible"></span></a></p>
Pyrzout :vm:<p>Airsoft Data Breach Exposes Data of 75,000 Players – Source: securityboulevard.com <a href="https://ciso2ciso.com/airsoft-data-breach-exposes-data-of-75000-players-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/airsoft-data-bre</span><span class="invisible">ach-exposes-data-of-75000-players-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a>(Original) <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/socialengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>socialengineering</span></a> <a href="https://social.skynetcloud.site/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://social.skynetcloud.site/tags/SecuringtheCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecuringtheCloud</span></a> <a href="https://social.skynetcloud.site/tags/SocialFacebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialFacebook</span></a> <a href="https://social.skynetcloud.site/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a 
href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/datasecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>datasecurity</span></a> <a href="https://social.skynetcloud.site/tags/DataPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataPrivacy</span></a> <a href="https://social.skynetcloud.site/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://social.skynetcloud.site/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://social.skynetcloud.site/tags/FEATURED" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FEATURED</span></a> <a href="https://social.skynetcloud.site/tags/userdata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>userdata</span></a> <a href="https://social.skynetcloud.site/tags/SocialX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialX</span></a> <a href="https://social.skynetcloud.site/tags/gaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gaming</span></a> <a href="https://social.skynetcloud.site/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>email</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://social.skynetcloud.site/tags/pii" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pii</span></a></p>
OWASP Amass<p>The Amass Project received a glowing testimonial from an organization leveraging the <span class="h-card" translate="no"><a href="https://infosec.exchange/@owasp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>owasp</span></a></span> <a href="https://infosec.exchange/tags/attacksurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attacksurface</span></a> mapping system:</p><p>"For FortifyData, Amass is an invaluable tool in our arsenal for quickly and accurately determining asset footprints for cyber risk assessment. It reliably provides superior results without false positives. Further, the OAM database model provides inherent benefits beyond asset footprinting, such as identifying third parties associated with the target and nth-party detection. Working closely with the Amass team, we've watched Amass steadily enhance its capabilities. Our clients are deeply impressed with the results our platform generates using Amass data. We look forward to continuing to work with Amass and supporting its development!"</p><p>J. Eric Smith, VP Technology Services Delivery</p><p>Please let us know if your organization has a testimonial to share as well!</p>
Pyrzout :vm:<p>7 cyber assets secretly expanding your attack surface (and how to find them) – Source: www.cybertalk.org <a href="https://ciso2ciso.com/7-cyber-assets-secretly-expanding-your-attack-surface-and-how-to-find-them-source-www-cybertalk-org/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/7-cyber-assets-s</span><span class="invisible">ecretly-expanding-your-attack-surface-and-how-to-find-them-source-www-cybertalk-org/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/AttackSurface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://social.skynetcloud.site/tags/TRENDINGNOW" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TRENDINGNOW</span></a> <a href="https://social.skynetcloud.site/tags/CyberTalk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberTalk</span></a></p>