🪶Apache Solr CVE-2026-44825: Authentication enabled does not always mean secured CVE-2026-44825 shows how unintended template accounts can remain after Basic Authentication setup in Apache Solr. Criminal IP findings: • 1,154 internet-exposed Solr Admin assets • Solr Admin interfaces discoverable via title: "Solr Admin" • Some exposed assets reveal version clues through admin endpoints or page resources Public Solr Admin exposure gives attackers a starting point for version checks, authentication testing, and further vulnerability analysis. 🔎 Full analysis criminalip.io/knowledge-hub/… #CyberSecurity #ThreatIntelligence #ApacheSolr #CVE #AttackSurface
RedHunt Labs is bringing its flagship training: "Offensive Recon: AI Exposures & Modern Attack Surfaces" to Black Hat USA 2026 and you don't want to miss this. Slot 1 - Aug 1–2: blackhat.com/us-26/training/… Slot 2 - Aug 3–4: blackhat.com/us-26/training/… Venue - Mandalay Bay, Las Vegas Save up to $300 with early registration! Seats are limited. Secure yours before they're gone. #BlackHat2026 #OffensiveRecon #AIExposures #AttackSurface #CyberSecurity #CTEM #RedHuntLabs
See every angle of your attack surface instantly. Binalyze Outpost integrates @Netlas_io data for real-time IP/domain insights, DNS, WHOIS, and exposed services, all from your browser. bit.ly/4w3Nqmt #SOC #ThreatHunting #OSINT #InfoSec #BinalyzeOutpost #AttackSurface
What is an Attack Surface, and why does your organization have more of it than you think? *********************** Many organizations believe that cybersecurity means installing a firewall and antivirus, or turning on SSL, and that is the end of it. But in the real world, attackers do not look at a system as a single machine or a single website. They see the organization as "the combined area of all access points", whether that is a web server, VPN, email, cloud storage, API, employee notebooks, CCTV cameras, routers, NAS, HR systems, Google Drive, Microsoft 365, or even a test account that someone forgot to disable. All of this area is called the Attack Surface, or "the area that could be attacked". The problem is that most organizations' attack surface is usually larger than they think, because IT systems today no longer live only in the server room but are spread across cloud, SaaS, mobile devices, remote work, IoT, and the systems of external vendors. This article explains what an attack surface is, what types there are, why it expands so quickly, and how an organization should start reducing the risk step by step. Read more at >> sysadmin.in.th/attack-surfac… -- #SysAdminth #Cybersecurity #AttackSurface #Linux #ผู้ดูแลระบบเครือข่าย #SystemAdmin #ITSecurity #VulnerabilityManagement #CloudSecurity #ZeroTrust
If your identity provider is trusted by everything… it’s also your biggest risk. Part 2 of our #thoughtleadership blog series breaks down why the #IdP is now the #attacksurface👇 avertium.com/blog/the-identi… New posts drop weekly!
Subdomain hijacked? It's the #SpiderMan pointing meme. 👉👈 ThreatNG spots #DanglingDNS before attackers steal your brand. threatngsecurity.com/glossar… #EASM #ExternalRisk #ExternalExposure #Cybersecurity #AttackSurface #SubdomainTakeover

Deleted a #cloud server? Did you delete the #DNSrecord? #DanglingDNS lets attackers hijack your corporate subdomains for high-fidelity phishing. ThreatNG’s unauthenticated #EASM finds orphaned records before #ThreatActors do. Learn more: threatngsecurity.com/glossar… #SubdomainTakeover
🎯 Hacker-Scoper — Scope Filtering for Bug Bounty Hunters Stop wasting time on out-of-scope assets. Hacker-Scoper automatically matches URLs, domains, IPv4/IPv6 addresses, CIDR ranges, wildcards, and regex patterns against bug bounty program scopes, helping security researchers focus only on valid targets. 🔗 github.com/ItsIgnacioPortal/… #BugBounty #Recon #OSINT #Pentesting #CyberSecurity #GoLang #Automation #OpenSource #AttackSurface #InfoSec
Asset discovery is essential, but without context, it can create noise and overwhelm your team. Knowing which assets pose real risk allows your team to act on the threats that matter and address security risks. Learn more: hubs.ly/Q04kG1DK0 #cybersecurity #attacksurface
🔄 Sn1per Enterprise continuously monitors your attack surface for: ✅New domains ✅New exposures ✅Risk score drift ✅Port changes ✅Hidden assets Act on what's changed the moment it happens — not weeks later. → sn1persecurity.com/wordpress… #EASM #ContinuousMonitoring #AttackSurface
"Luchini pouring from the sky."🌧️ Don't let risks rain on your parade. ThreatNG's connectorless platform maps the entire external attack surface, finding the shadow IT that other tools miss. #EASM #CTEM #CampLo #Luchini #Rap #HipHop #ExternalRisk #ExternalExposure #AttackSurface
Camp Lo - Luchini AKA This Is It (1996)
Capping visibility at 500 assets creates blind spots. ThreatNG uses Entity-Centric Licensing for unlimited discovery without penalizing your growth. threatngsecurity.com/overvie… #EASM #CISO #CTEM #ExpandingBrain #AttackSurface #ExternalExposure #PreemptiveExposure #ExternalRisk

Why install anything? ThreatNG is a 100% connectorless Integrated External Risk Management Platform. See your true perimeter as an attacker does, agentless from the internet. threatngsecurity.com/overvie… #EASM #Agentless #NoConnectors #ExternalRisk #AttackSurface #ExternalExposure

🗂️ Samba CVSS 10.0: exposed SMB services are not just open ports CVE-2026-4480 and CVE-2026-4408 show how specific Samba configurations can turn file-sharing infrastructure into a remote code execution risk. Criminal IP findings: • 63,055 internet-exposed Samba assets on port 445 • Exposed services reveal SMB, NetBIOS, domain, and share information • Vulnerable smb.conf settings can increase real-world exploitability When Samba is reachable from the internet, configuration risk becomes attack surface risk. 🔎 Full analysis criminalip.io/knowledge-hub/… #CyberSecurity #ThreatIntelligence #AttackSurface #Samba #SMB
🐝 BBOT — The Recon Automation Beast for Bug Bounty Hunters & OSINT Analysts A next-gen reconnaissance framework built for: ✅ Attack Surface Mapping ✅ Subdomain Enumeration ✅ Web Crawling ✅ Email Enumeration ✅ Web Scanning ✅ Cloud Recon ✅ API Intelligence BBOT combines the power of tools like SpiderFoot, Amass, Nuclei & custom automation into one modular recon engine. ⚡ Finds 20–50% more subdomains than many traditional tools 🧠 NLP-powered subdomain mutations 📸 Web screenshots visual recon 🔗 Neo4j integration for attack surface graphing 🐍 Full Python API support Perfect for: 🎯 Bug Bounty 🔍 OSINT 🛡️ ASM ⚔️ Red Teaming 🔗 github.com/blacklanternsecur… #bugbountytips #Recon #OSINT #CyberSecurity #AttackSurface #Pentesting #RedTeam #Python
Metabigor is honestly one of the cleaner recon-focused OSINT tools I’ve seen for bug bounty & infrastructure mapping. Focused heavily on: • ASN/CIDR intelligence • CT log mining • Related-domain discovery • Infra ownership mapping • GitHub/grep.app recon • Shodan InternetDB enrichment What makes it interesting: it avoids relying heavily on expensive API keys and still provides very useful attack surface intelligence. A solid tool for large-scale recon workflows. Source: github.com/j3ssie/metabigor #BugBounty #CyberSecurity #Recon #OSINT #InfoSec #AttackSurface #AppSec #RedTeam #SecurityResearch
🚪 cPanel CVE-2026-41940: exposed hosting panels become takeover paths CVE-2026-41940 shows how internet-exposed cPanel/WHM interfaces can turn into immediate attack surfaces. Criminal IP findings: • 2,954 internet-exposed cPanel assets • 147 cPanel interfaces exposed on port 2083 • WHM admin interfaces exposed on port 2087 When authentication bypass leads to WHM-level access, one exposed panel can put multiple websites, databases, and hosting accounts at risk. 🔎 Full analysis criminalip.io/knowledge-hub/… #CyberSecurity #ThreatIntelligence #AttackSurface #cPanel #ASM