🪶Apache Solr CVE-2026-44825: Authentication enabled does not always mean secured. CVE-2026-44825 shows how unintended template accounts can remain after Basic Authentication setup in Apache Solr. Criminal IP findings: • 1,154 internet-exposed Solr Admin assets • Solr Admin interfaces discoverable via title: "Solr Admin" • Some exposed assets reveal version clues through admin endpoints or page resources. Public Solr Admin exposure gives attackers a starting point for version checks, authentication testing, and further vulnerability analysis. 🔎 Full analysis criminalip.io/knowledge-hub/… #CyberSecurity #ThreatIntelligence #ApacheSolr #CVE #AttackSurface
RedHunt Labs is bringing its flagship training: "Offensive Recon: AI Exposures & Modern Attack Surfaces" to Black Hat USA 2026 and you don't want to miss this. Slot 1 - Aug 1–2: blackhat.com/us-26/training/… Slot 2 - Aug 3–4: blackhat.com/us-26/training/… Venue - Mandalay Bay, Las Vegas Save up to $300 with early registration! Seats are limited. Secure yours before they're gone. #BlackHat2026 #OffensiveRecon #AIExposures #AttackSurface #CyberSecurity #CTEM #RedHuntLabs
See every angle of your attack surface instantly. Binalyze Outpost integrates @Netlas_io data for real-time IP/domain insights, DNS, WHOIS, and exposed services, all from your browser. bit.ly/4w3Nqmt #SOC #ThreatHunting #OSINT #InfoSec #BinalyzeOutpost #AttackSurface
What is an attack surface, and why does your organization have more of it than you think? *********************** Many organizations believe cybersecurity means installing a firewall and antivirus or enabling SSL, and that is the end of it. But in the real world, attackers do not see a system as a single machine or a single website. They see the organization as "the combined area of all access points", whether that is a web server, VPN, email, cloud storage, APIs, employee laptops, CCTV cameras, routers, NAS, HR systems, Google Drive, Microsoft 365, or even a test account that someone forgot to disable. All of this is called the attack surface, or "the area that can be attacked". The problem is that most organizations' attack surface is larger than they think, because today's IT systems no longer live only in the server room; they are spread across cloud, SaaS, mobile devices, remote work, IoT, and external vendors' systems. This article explains what an attack surface is, what types there are, why it expands so quickly, and how organizations should start reducing risk step by step. Read more at >> sysadmin.in.th/attack-surfac… -- #SysAdminth #Cybersecurity #AttackSurface #Linux #ผู้ดูแลระบบเครือข่าย #SystemAdmin #ITSecurity #VulnerabilityManagement #CloudSecurity #ZeroTrust
If your identity provider is trusted by everything… it’s also your biggest risk. Part 2 of our #thoughtleadership blog series breaks down why the #IdP is now the #attacksurface👇 avertium.com/blog/the-identi… New posts drop weekly!
The attack matured first. In the new issue of @netweek_gr, Thanasis Karpouzas discusses how offensive security has evolved over the last 25 years. From exposed servers, SQL Injection and perimeter-based security, to cloud, SaaS, APIs, identity attacks and AI-assisted threats, the article highlights a key reality: security is no longer only about the perimeter. It is about continuously testing real attack paths, validating controls, and turning findings into meaningful action. The piece explains why modern offensive security must go beyond assumptions and checklists. Today, organizations need practical evidence, clear reporting, continuous validation and collaboration between red teams, blue teams and business stakeholders. We invite you to read the new issue of netweek and explore how controlled #OffensiveSecurity helps organizations understand exposure, improve resilience and prepare for the threats of tomorrow. - issuu.com/boussiasmedia/docs… #Logisek #Netweek #OffensiveSecurity #Cybersecurity #PenetrationTesting #RedTeam #SecurityTesting #AttackSurface #CloudSecurity #IdentitySecurity #APIsecurity #InfoSec #AIsecurity
Subdomain hijacked? It's the #SpiderMan pointing meme. 👉👈 ThreatNG spots #DanglingDNS before attackers steal your brand. threatngsecurity.com/glossar… #EASM #ExternalRisk #ExternalExposure #Cybersecurity #AttackSurface #SubdomainTakeover

Deleted a #cloud server? Did you delete the #DNSrecord? #DanglingDNS lets attackers hijack your corporate subdomains for high-fidelity phishing. ThreatNG’s unauthenticated #EASM finds orphaned records before #ThreatActors do. Learn more: threatngsecurity.com/glossar… #SubdomainTakeover
Asset discovery is essential, but without context, it can create noise and overwhelm your team. Knowing which assets pose real risk allows your team to act on the threats that matter and address security risks. Learn more: hubs.ly/Q04kG1DK0 #cybersecurity #attacksurface
🔄 Sn1per Enterprise continuously monitors your attack surface for: ✅New domains ✅New exposures ✅Risk score drift ✅Port changes ✅Hidden assets Act on what's changed the moment it happens — not weeks later. → sn1persecurity.com/wordpress… #EASM #ContinuousMonitoring #AttackSurface
"Luchini pouring from the sky."🌧️ Don't let risks rain on your parade. ThreatNG's connectorless platform maps the entire external attack surface, finding the shadow IT that other tools miss. #EASM #CTEM #CampLo #Luchini #Rap #HipHop #ExternalRisk #ExternalExposure #AttackSurface
Camp Lo - Luchini AKA This Is It (1996)
Capping visibility at 500 assets creates blind spots. ThreatNG uses Entity-Centric Licensing for unlimited discovery without penalizing your growth. threatngsecurity.com/overvie… #EASM #CISO #CTEM #ExpandingBrain #AttackSurface #ExternalExposure #PreemptiveExposure #ExternalRisk

Why install anything? ThreatNG is a 100% connectorless Integrated External Risk Management Platform. See your true perimeter as an attacker does, agentless from the internet. threatngsecurity.com/overvie… #EASM #Agentless #NoConnectors #ExternalRisk #AttackSurface #ExternalExposure

Vulnerability exploitation has officially overtaken stolen credentials as the number one breach entry point globally. Are your defenses adapting fast enough? ⏱️ As an official contributor to the 2026 Verizon Business Data Breach Investigations Report (#DBIR), SecurityScorecard supported this year's DBIR findings. Through our TITAN AI platform and Driftnet telemetry across the global IPv4 and IPv6 space, our STRIKE Threat Intelligence team mapped out these exploitation timelines to help organizations stay one step ahead. If you haven't reviewed this year's DBIR findings, now is the time. The report provides important insight into how attackers are gaining access and what security leaders can do to reduce risk across their organizations and supply chains. 👉 Read the full 2026 DBIR: verizon.com/business/resourc… 👉 See how SecurityScorecard maps your attack surface: securityscorecard.com/platfo… #Cybersecurity #DBIR2026 #ThreatIntel #VulnerabilityManagement #AttackSurface #TITANAI
🗂️ Samba CVSS 10.0: exposed SMB services are not just open ports CVE-2026-4480 and CVE-2026-4408 show how specific Samba configurations can turn file-sharing infrastructure into a remote code execution risk. Criminal IP findings: • 63,055 internet-exposed Samba assets on port 445 • Exposed services reveal SMB, NetBIOS, domain, and share information • Vulnerable smb.conf settings can increase real-world exploitability When Samba is reachable from the internet, configuration risk becomes attack surface risk. 🔎 Full analysis criminalip.io/knowledge-hub/… #CyberSecurity #ThreatIntelligence #AttackSurface #Samba #SMB
🐝 BBOT — The Recon Automation Beast for Bug Bounty Hunters & OSINT Analysts A next-gen reconnaissance framework built for: ✅ Attack Surface Mapping ✅ Subdomain Enumeration ✅ Web Crawling ✅ Email Enumeration ✅ Web Scanning ✅ Cloud Recon ✅ API Intelligence BBOT combines the power of tools like SpiderFoot, Amass, Nuclei & custom automation into one modular recon engine. ⚡ Finds 20–50% more subdomains than many traditional tools 🧠 NLP-powered subdomain mutations 📸 Web screenshots visual recon 🔗 Neo4j integration for attack surface graphing 🐍 Full Python API support Perfect for: 🎯 Bug Bounty 🔍 OSINT 🛡️ ASM ⚔️ Red Teaming 🔗 github.com/blacklanternsecur… #bugbountytips #Recon #OSINT #CyberSecurity #AttackSurface #Pentesting #RedTeam #Python
Metabigor is honestly one of the cleaner recon-focused OSINT tools I’ve seen for bug bounty & infrastructure mapping. Focused heavily on: • ASN/CIDR intelligence • CT log mining • Related-domain discovery • Infra ownership mapping • GitHub/grep.app recon • Shodan InternetDB enrichment What makes it interesting: it avoids relying heavily on expensive API keys and still provides very useful attack surface intelligence. A solid tool for large-scale recon workflows. Source: github.com/j3ssie/metabigor #BugBounty #CyberSecurity #Recon #OSINT #InfoSec #AttackSurface #AppSec #RedTeam #SecurityResearch