This is the last of the four blogs (Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management (ASM) Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery) covering the foundational elements of Attack Surface Management (ASM), and this topic covers one of the main drivers for ASM and why companies are investing in it, the context it delivers to inform better security decision making.
Read more…
Source: Rapid7
Related:
- Patch Tuesday – December 2025
December 10, 2025
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two publicly disclosed remote code vulnerabilities, and a single exploited-in-the-wild vulnerability. Three critical remote code execution (RCE) vulnerabilities are also patched today; Microsoft ...
- Three critical vulnerabilities patched by SAP
December 10, 2025
SAP has released its December cumulative security update, through which it fixed 14 vulnerabilities found in different products. Among them are three critical-severity flaws which should be addressed without delay. The full list of addressed vulnerabilities can be found on this link. The most critical bug fixed this time is a code injection vulnerability discovered in ...
- Principles for the Secure Integration of Artificial Intelligence in Operational Technology
December 3, 2025
Since the public release of ChatGPT in November 2022, artificial intelligence (AI) has been integrated into many facets of human society. For critical infrastructure owners and operators, AI can potentially be used to increase efficiency and productivity, enhance decision-making, save costs, and improve customer experience. Despite the many benefits, integrating AI into operational technology (OT) environments ...
- Google patches 107 Android flaws, including two being actively exploited
December 2, 2025
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month before publication, but that doesn’t always mean the patches ...
- The Dual-Use Dilemma of AI: Malicious LLMs
November 25, 2025
A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to technologies like nuclear physics or biotechnology, but now also central to AI. Any tool powerful enough ...
- CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
November 24, 2025
CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released. The flaw, tracked as CVE-2025-61757 and now sitting in CISA’s Known Exploited Vulnerabilities catalog, ...