#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

Attack Surface | Breaking Cybersecurity News | The Hacker News

Category — Attack Surface
Why Now is the Time to Adopt a Threat-Led Approach to Vulnerability Management

Why Now is the Time to Adopt a Threat-Led Approach to Vulnerability Management

Mar 03, 2025
What is Threat-Led Vulnerability Management? Threat-Led Vulnerability Management (TLVM) is a security approach that focuses on prioritizing and managing vulnerabilities based on the current threat landscape and the specific risks posed to an organization. Rather than treating all vulnerabilities equally, TLVM emphasizes understanding which vulnerabilities are most likely to be exploited by malicious actors, correlated with the configuration state and security posture of the organization's unique infrastructure and business processes. Why Now? The notion of adopting a Threat-Led Vulnerability Management (TLVM) approach has grown in popularity, particularly in the face of the escalating volume and sophistication of cyber threats, which are increasingly frequent and offer a lower cost attack alternative when supported by AI tools. The dynamic nature of the threat landscape requires organizations to stay agile in their vulnerability management processes, prioritizing efforts based on ...
Eliminate Your Attack Surface by Becoming Invisible: Hackers Can't Attack What They Can't See

Eliminate Your Attack Surface by Becoming Invisible: Hackers Can't Attack What They Can't See

Feb 03, 2025
Most IT security professionals would agree that the key ingredient for safeguarding networks is "reducing the attack surface." Fewer avenues for breaches mean reduced risk and fewer incidents for an enterprise: Hackers can't attack what they can't see. Reducing attack surface is the key to securing your network, applications, and—most importantly—your data. Calling all servers . . . The "attack surface" comprises the sum of all exposed points through various vectors that an attacker could target to compromise a computing device or network. You can group the attack vectors into three main categories: the channel (a listening TCP/UDP port), assets (which include applications, services, webpages, files, executables, etc.), and access (user credentials). Below is a breakdown of the various attack vector options available to attackers. The channel —typically an exposed-to-the-internet communications protocol like TCP or UDP—allows all entities on the internet to communicate with each ot...
Cybersecurity Resources