I'm still reading the first chapter of #AttackSurface by @pluralistic (audiobook; very well read). This security nerd is enjoying it a lot.

If someone can convince me that the protagonist, Masha, isn't at least inspired by @evacide , I will eat my shorts. (I don't recall a dedication at the start, so it may be moot).

#Doctorow #LittleBrother #bookstodon

🔐 Identity compromise and reconnaissance are precursors to deeper breaches and targeted operations. Understanding this shift informs threat modeling and operational OPSEC. The latest index data has only just been published and signals a shift in attacker prioritization not yet widely reported.

https://industrialcyber.co/reports/ibm-x-force-reports-44-surge-in-exploitation-of-public-facing-applications-as-supply-chain-and-identity-attacks-intensify/ #AttackSurface

Thousands of public Google Cloud API endpoints are exposed — misconfigurations at scale create silent entry points. Visibility is the first line of defense. ☁️⚠️ #CloudSecurity #AttackSurface

https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

The Hacker News

Security Advisory Summary:
SolarWinds Serv-U 15.5.4 patches four critical vulnerabilities:
• CVE-2025-40538 – Broken access control → system admin creation + root RCE
• Two type confusion flaws → root code execution
• One IDOR vulnerability → elevated execution

Attack prerequisites:
High-privileged access required. Exploitation likely via credential compromise or chained privilege escalation.

Exposure landscape:
12K+ internet-facing instances observed (Shodan)
File transfer platforms remain ransomware-favored entry vectors

Historical context:
Prior Serv-U CVEs exploited by ransomware groups and state-aligned actors.

Immediate actions:
- Patch to 15.5.4
- Audit privileged accounts
- Review FTP/SFTP exposure
- Monitor for anomalous admin creation

Source: https://www.bleepingcomputer.com/news/security/critical-solarwinds-serv-u-flaws-offer-root-access-to-servers/

Follow us for tactical advisories and vulnerability intelligence.

Comment with your detection or hardening recommendations.

#Infosec #SolarWinds #ThreatIntel #CVE2025 #RCE #PrivilegeEscalation #BlueTeam #SecurityEngineering #AttackSurface #ZeroTrust
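One way to turn the "Patch to 15.5.4" and "Review FTP/SFTP exposure" items into a quick triage pass, as an added example (not from the advisory, BleepingComputer, or SolarWinds): it parses the version out of FTP greeting banners and compares it against the fixed release. The banner strings are constructed to resemble Serv-U's default "220 Serv-U FTP Server vX.Y.Z" greeting; that format is an assumption, and operators can customise or suppress the banner, so a non-matching banner is reported as "unknown" rather than "ok".

```python
"""Triage Serv-U FTP exposure by banner version.

Added example, not part of the advisory or of SolarWinds' tooling. The banner
format and the sample hosts below are constructed; a missing match means the
host needs a closer look, not that it is safe.
"""
import re
from typing import Optional, Tuple

# 15.5.4 is the patched release named in the advisory.
FIXED_VERSION: Tuple[int, ...] = (15, 5, 4)

# Assumed default greeting shape: "220 Serv-U FTP Server v15.5.2 ready..."
BANNER_RE = re.compile(r"Serv-U FTP Server v(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_servu_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the version as a tuple of ints, or None if the banner is not recognised."""
    match = BANNER_RE.search(banner)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable_version(version: Tuple[int, ...], fixed: Tuple[int, ...] = FIXED_VERSION) -> bool:
    """True when version < fixed; shorter tuples are padded so 15.5 compares as 15.5.0."""
    width = max(len(version), len(fixed))
    padded_version = version + (0,) * (width - len(version))
    padded_fixed = fixed + (0,) * (width - len(fixed))
    return padded_version < padded_fixed


def triage(hosts: dict) -> dict:
    """Map host -> 'patch' | 'ok' | 'unknown' from a {host: banner} dict."""
    result = {}
    for host, banner in hosts.items():
        version = parse_servu_version(banner)
        if version is None:
            result[host] = "unknown"      # customised or non-Serv-U banner: verify by hand
        elif is_vulnerable_version(version):
            result[host] = "patch"
        else:
            result[host] = "ok"
    return result


# Constructed sample banners, not real scan output.
SAMPLE_BANNERS = {
    "10.0.0.5": "220 Serv-U FTP Server v15.5.2 ready...",
    "10.0.0.6": "220 Serv-U FTP Server v15.5.4 ready...",
    "10.0.0.7": "220 Serv-U FTP Server v15.1 ready...",
    "10.0.0.8": "220 Welcome to the corporate file transfer service",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_BANNERS).items():
        print(f"{host}: {status}")
```

Banner-based triage only tells you which hosts to look at first; confirm the installed build from the server itself before closing a finding.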

https://www.youtube.com/watch?v=x3G_XszX0ec

SecPoint® Penetrator™ – New Target World Map Visualization

Learn more about the SecPoint® Penetrator Vulnerability Scanner:
https://www.secpoint.com/penetrator.html

Partner sign up:
https://www.secpoint.com/partner-signup.html

#SecPoint #CyberSecurity #VulnerabilityScanning #AttackSurface #NetworkSecurity

SecPoint Penetrator V66 Target Map

YouTube

Malicious MoltBot skills are pushing password-stealing malware — voice assistants are becoming a new social engineering vector. Convenience can be compromised. 🎙️🔓 #CredentialTheft #AttackSurface

https://www.bleepingcomputer.com/news/security/malicious-moltbot-skills-used-to-push-password-stealing-malware/

Malicious MoltBot skills used to push password-stealing malware

More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub.

BleepingComputer

☢️ Nearly 800,000 Telnet servers are exposed to remote attacks — decades-old services are still wide open on the internet. Legacy risk is real risk. 🔓📡 #LegacySystems #AttackSurface

https://www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/

Nearly 800,000 Telnet servers exposed to remote attacks

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server.

BleepingComputer

Active exploitation is being observed via misconfigured security testing applications, enabling attackers to move from exposed training tools into cloud environments.

The issue centers on excessive IAM permissions, default credentials, and poor isolation between test and sensitive systems - not novel malware.

This reinforces the need to treat non-production assets as part of the threat surface.

Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/

Follow @technadu for neutral, research-driven security reporting.

#CloudSecurity #IAM #Pentesting #Infosec #AttackSurface #TechNadu
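The post's point is that the foothold was excessive IAM permissions on a non-production role, not novel malware. As an added example (not from the article or any vendor's tooling), here is a small linter for AWS-style IAM policy documents that flags the grants which let a lab role reach the rest of the account. The policy JSON shape is AWS IAM's; the two policies are constructed to show a "security testing" lab role before and after tightening, and SENSITIVE_ACTIONS is an illustrative subset rather than a complete catalogue.

```python
"""Lint IAM policy documents for over-broad grants.

Added example, not from the report or any vendor. Policy shape follows AWS
IAM; LAB_ROLE_BEFORE and LAB_ROLE_AFTER are constructed, and the account id
and ARNs in them are placeholders.
"""
import json
from fnmatch import fnmatchcase

# Actions that let a principal become another identity or read secrets; on
# Resource "*" they turn a lab foothold into the wider account. Illustrative only.
SENSITIVE_ACTIONS = [
    "iam:PassRole", "iam:CreateAccessKey", "iam:AttachRolePolicy",
    "sts:AssumeRole", "secretsmanager:GetSecretValue", "ssm:GetParameter",
]


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> list:
    """Return findings as (sid, action, reason) tuples; empty list means nothing flagged."""
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue                                   # Deny statements only narrow access
        sid = statement.get("Sid", f"Statement[{index}]")
        actions = _as_list(statement.get("Action"))
        any_resource = "*" in _as_list(statement.get("Resource"))
        for action in actions:
            if action == "*":
                findings.append((sid, action, "full administrative access"))
            elif action.endswith(":*") and any_resource:
                findings.append((sid, action, "service-wide wildcard on every resource"))
            elif any_resource:
                # Policy actions may themselves be globs, e.g. "iam:Pass*";
                # match them case-insensitively against the sensitive list.
                for sensitive in SENSITIVE_ACTIONS:
                    if fnmatchcase(sensitive.lower(), action.lower()):
                        findings.append((sid, action, f"{sensitive} on every resource"))
        if "NotAction" in statement or "NotResource" in statement:
            findings.append((sid, "NotAction/NotResource", "negative matching widens an Allow"))
    return findings


def lint_policy_json(text: str) -> list:
    return lint_policy(json.loads(text))


# Constructed: a lab role as it was found (everything, everywhere).
LAB_ROLE_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LabEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "LabIdentity", "Effect": "Allow",
         "Action": ["iam:Pass*", "sts:AssumeRole", "ec2:Describe*"], "Resource": "*"},
    ],
}

# Constructed: the same role scoped to what the lab actually needs.
LAB_ROLE_AFTER = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LabArtifacts", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::pentest-lab-artifacts/*"},
        {"Sid": "LabPassRole", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::123456789012:role/pentest-lab-runner"},
        {"Sid": "DenyProd", "Effect": "Deny", "Action": "*", "Resource": "arn:aws:s3:::prod-*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("before", LAB_ROLE_BEFORE), ("after", LAB_ROLE_AFTER)):
        print(name, lint_policy(policy) or "clean")
```

Run it against the policies attached to every role a lab or training environment can assume, not just the ones named "admin"; the report's point is that the test role was the path in.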

🚨 New research & tool release: OID-See - Giving Your OAuth Apps the Side-Eye

OAuth risk in Entra isn’t a table problem.
It’s a relationship problem.

After spending far too long staring at consent screens, Graph responses, and metadata that technically tells the truth while still being wildly misleading, I ended up building something I couldn’t find anywhere else:

OID-See - essentially BloodHound for OAuth in Entra.

It maps:
• OAuth apps & service principals
• Delegated scopes and app permissions
• Consent, assignments, and reachability
• Trust signals (and trust illusions)
• Persistence and impersonation paths

…into a graph-backed analysis model that lets you reason about what an app can actually become when chained, not just whether it looks risky in isolation.

Why this exists

I kept running into the same issues:
• “Verified publisher” isn’t always the signal we think it is
• Microsoft-shaped metadata can lull defenders into false trust
• offline_access ≠ impersonation, but does equal persistence
• Apps without assignment requirements are exposed by default
• Spreadsheets hide abuse paths - graphs expose them

So I stopped trying to answer “is this app bad?”
and started asking “what does this enable if it’s abused?”

What OID-See is (and isn’t)

✅ Graph-only by default (no token scraping, no SaaS, no data exfil)
✅ You run it yourself, get a JSON, analyse it locally
✅ Explainable scoring, externalised logic, no magic
❌ Not a CSPM replacement
❌ Not an EDR, SWG, or token replay tool

It’s about clarity, not control theatre.

📖 Blog (deep dive, philosophy, and war stories):
👉 https://cirriustech.co.uk/blog/oidsee/

🧰 Tool & source (v1.0.0):
👉 https://github.com/OID-See/OID-See/tree/v1.0.0

If you’re an Entra admin, cloud security engineer, or anyone who’s ever said
“it’s just a harmless SSO integration” - this one’s for you.

And yes… the name is intentional.
You probably should be giving your OAuth apps the side-eye. 👀

#Entra #AzureAD #OAuth #OIDC #IdentitySecurity #SecurityResearch #AttackSurface #Graph #BloodHound #OIDSee

OID-See: Giving Your OAuth Apps the Side-Eye

OID-See or BloodHound for OAuth in Entra: mapping consent, scopes, assignments, and trust signals into a graph so you can spot impersonation risk and OAuth sprawl.

CirriusTech | Serious About Tech
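The post's core idea is that OAuth risk in Entra is about reachability: what an app can become when its grants are chained, not how it looks in isolation. As an added example (not OID-See's code, and not Microsoft's), here is a minimal graph model of that reasoning. The object shapes follow Microsoft Graph's servicePrincipal, oAuth2PermissionGrant and appRoleAssignment resources, but every object, id and display name below is constructed. The one escalation edge it models, that an app holding Application.ReadWrite.All can add credentials to other app registrations and then authenticate as them, is known Entra behaviour; the HIGH_PRIVILEGE set is an illustrative subset.

```python
"""Reachability over Entra OAuth grants.

Added example, not OID-See's implementation. Field names follow Microsoft
Graph; all data is constructed and the ids are placeholders.
"""
from collections import deque

HIGH_PRIVILEGE = {"Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory"}
# Holding this application permission lets an app add a secret to any other
# app registration in the tenant and sign in as it (known Entra behaviour).
TAKEOVER = {"Application.ReadWrite.All"}

SERVICE_PRINCIPALS = [  # constructed
    {"id": "sp-graph", "displayName": "Microsoft Graph", "appRoleAssignmentRequired": True,
     "appRoles": [{"id": "role-mail", "value": "Mail.Read"},
                  {"id": "role-appw", "value": "Application.ReadWrite.All"},
                  {"id": "role-dirw", "value": "Directory.ReadWrite.All"}]},
    {"id": "sp-sso", "displayName": "Harmless SSO", "appRoleAssignmentRequired": False, "appRoles": []},
    {"id": "sp-helpdesk", "displayName": "Helpdesk Sync", "appRoleAssignmentRequired": False, "appRoles": []},
    {"id": "sp-hr", "displayName": "HR Connector", "appRoleAssignmentRequired": True, "appRoles": []},
]
OAUTH2_PERMISSION_GRANTS = [  # constructed delegated consents
    {"clientId": "sp-sso", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "sp-graph", "scope": "openid profile User.Read offline_access"},
    {"clientId": "sp-helpdesk", "consentType": "Principal", "principalId": "user-42",
     "resourceId": "sp-graph", "scope": "User.Read Mail.Read"},
]
APP_ROLE_ASSIGNMENTS = [  # constructed application permissions
    {"principalId": "sp-helpdesk", "resourceId": "sp-graph", "appRoleId": "role-appw"},
    {"principalId": "sp-hr", "resourceId": "sp-graph", "appRoleId": "role-dirw"},
]


def build_graph(sps, grants, assignments):
    """Resolve grants into per-app permission sets and 'can become' edges."""
    by_id = {sp["id"]: sp for sp in sps}
    role_values = {(sp["id"], r["id"]): r["value"] for sp in sps for r in sp.get("appRoles", [])}
    app_perms = {sp["id"]: set() for sp in sps}
    for a in assignments:
        app_perms[a["principalId"]].add(role_values[(a["resourceId"], a["appRoleId"])])
    delegated = {sp["id"]: set() for sp in sps}
    tenant_wide = set()
    for g in grants:
        delegated[g["clientId"]].update(g["scope"].split())
        if g["consentType"] == "AllPrincipals":
            tenant_wide.add(g["clientId"])
    # Control edges: a takeover-capable app can become any other registration
    # in the tenant. Resource APIs such as Graph are excluded, since their
    # credentials are not the tenant's to add.
    resource_ids = {g["resourceId"] for g in grants} | {a["resourceId"] for a in assignments}
    controls = {sp["id"]: set() for sp in sps}
    for sp_id, perms in app_perms.items():
        if perms & TAKEOVER:
            controls[sp_id] = {other for other in by_id if other != sp_id and other not in resource_ids}
    return {"by_id": by_id, "app_perms": app_perms, "delegated": delegated,
            "tenant_wide": tenant_wide, "controls": controls}


def reachable_permissions(graph, start):
    """BFS over control edges; returns {permission: path of sp ids that reaches it}."""
    paths = {start: [start]}
    queue = deque([start])
    reached = {}
    while queue:
        current = queue.popleft()
        for perm in graph["app_perms"][current]:
            reached.setdefault(perm, paths[current])
        for nxt in graph["controls"][current]:
            if nxt not in paths:
                paths[nxt] = paths[current] + [nxt]
                queue.append(nxt)
    return reached


def assess(graph, sp_id):
    """Flags for one app: persistence, exposure, and chained reach to high privilege."""
    sp = graph["by_id"][sp_id]
    flags = set()
    if "offline_access" in graph["delegated"][sp_id]:
        flags.add("persistence")              # refresh tokens outlive the user's session
    if not sp["appRoleAssignmentRequired"]:
        flags.add("no_assignment_required")   # any user in the tenant can sign in to it
    if sp_id in graph["tenant_wide"]:
        flags.add("tenant_wide_consent")      # admin consented on behalf of everyone
    high = {p: path for p, path in reachable_permissions(graph, sp_id).items() if p in HIGH_PRIVILEGE}
    if high:
        flags.add("reaches_high_privilege")
    return {"flags": flags, "high_privilege_paths": high}


if __name__ == "__main__":
    g = build_graph(SERVICE_PRINCIPALS, OAUTH2_PERMISSION_GRANTS, APP_ROLE_ASSIGNMENTS)
    for sp in SERVICE_PRINCIPALS:
        print(sp["displayName"], assess(g, sp["id"]))
```

In the constructed tenant, "Helpdesk Sync" holds nothing directory-level itself, yet reaches Directory.ReadWrite.All through "HR Connector"; a per-app table would never show that, which is the post's argument for a graph.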

Turning Visibility Into Defense: Connecting the Attack Surface to the Detection Surface: https://jonschipp.substack.com/p/turning-visibility-into-defense-connecting

#attacksurface #detectionsurface

Turning Visibility Into Defense: Connecting the Attack Surface to the Detection Surface

First published on jonschipp.com. This article was written entirely by the author, and then polished using AI.

Digital Depths