I'm still reading the first chapter of #AttackSurface by @pluralistic (audiobook; very well read). This security nerd is enjoying it a lot.

If someone can convince me that the protagonist, Masha, isn't at least inspired by @evacide, I will eat my shorts. (I don't recall a dedication at the start, so it may be moot).

#Doctorow #LittleBrother #bookstodon

๐Ÿ” Identity compromise and reconnaissance are precursors to deeper breaches and targeted operations. Understanding this shift informs threat modeling and operational OPSEC. The latest index data only just published and signals a shift in attacker prioritization not yet widely reported.

https://industrialcyber.co/reports/ibm-x-force-reports-44-surge-in-exploitation-of-public-facing-applications-as-supply-chain-and-identity-attacks-intensify/ #AttackSurface

Thousands of public Google Cloud API endpoints are exposed — misconfigurations at scale create silent entry points. Visibility is the first line of defense. ☁️⚠️ #CloudSecurity #AttackSurface

https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

The Hacker News

Security Advisory Summary:
SolarWinds Serv-U 15.5.4 patches four critical vulnerabilities:
• CVE-2025-40538 – Broken access control → system admin creation + root RCE
• Two type confusion flaws → root code execution
• One IDOR vulnerability → elevated execution

Attack prerequisites:
High-privileged access required. Exploitation likely via credential compromise or chained privilege escalation.

Exposure landscape:
12K+ internet-facing instances observed (Shodan)
File transfer platforms remain ransomware-favored entry vectors

Historical context:
Prior Serv-U CVEs exploited by ransomware groups and state-aligned actors.

Immediate actions:
- Patch to 15.5.4
- Audit privileged accounts
- Review FTP/SFTP exposure
- Monitor for anomalous admin creation

Source: https://www.bleepingcomputer.com/news/security/critical-solarwinds-serv-u-flaws-offer-root-access-to-servers/

Follow us for tactical advisories and vulnerability intelligence.

Comment with your detection or hardening recommendations.

#Infosec #SolarWinds #ThreatIntel #CVE2025 #RCE #PrivilegeEscalation #BlueTeam #SecurityEngineering #AttackSurface #ZeroTrust

https://www.youtube.com/watch?v=x3G_XszX0ec

SecPoint® Penetrator™ – New Target World Map Visualization

Learn more about the SecPoint® Penetrator Vulnerability Scanner:
https://www.secpoint.com/penetrator.html

Partner sign up:
https://www.secpoint.com/partner-signup.html

#SecPoint #CyberSecurity #VulnerabilityScanning #AttackSurface #NetworkSecurity

SecPoint Penetrator V66 Target Map

YouTube

Malicious MoltBot skills are pushing password-stealing malware — voice assistants are becoming a new social engineering vector. Convenience can be compromised. 🎙️🔓 #CredentialTheft #AttackSurface

https://www.bleepingcomputer.com/news/security/malicious-moltbot-skills-used-to-push-password-stealing-malware/

Malicious MoltBot skills used to push password-stealing malware

More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub.

BleepingComputer

โ˜ข๏ธ Nearly 800,000 Telnet servers are exposed to remote attacks โ€” decades-old services are still wide open on the internet. Legacy risk is real risk. ๐Ÿ”“๐Ÿ“ก #LegacySystems #AttackSurface

https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/

Nearly 800,000 Telnet servers exposed to remote attacks

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server.

BleepingComputer

Active exploitation is being observed via misconfigured security testing applications, enabling attackers to move from exposed training tools into cloud environments.

The issue centers on excessive IAM permissions, default credentials, and poor isolation between test and sensitive systems - not novel malware.

This reinforces the need to treat non-production assets as part of the threat surface.

Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/

Follow @technadu for neutral, research-driven security reporting.

#CloudSecurity #IAM #Pentesting #Infosec #AttackSurface #TechNadu