Attack Surface Management: You’re probably doing it wrong

Aug 26, 2021

In this post, SpiderFoot founder and CEO Steve Micallef talks about the importance of leveraging a broad spectrum of OSINT for managing your attack surface:

…when determining the attackable surface of an organization, we must not only care about externally exposed assets, but also externally exposed information relevant to that organization. Such information (OSINT) can be used by attackers to mount social engineering attacks, spear-phishing attacks, gain access to critical assets sitting outside the traditional network perimeter or simply get more efficient about what assets they should seek out once inside.

Read the post in full here.

Emerging Threats//Apr 1, 2026

TeamPCP Supply Chain Attacks

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.

Emerging Threats//Mar 13, 2026

Handala Threat Group

An Iranian aligned threat group conducting destructive and espionage focused cyber operations against organizations in Israel and Western countries.

Emerging Threats//Jan 27, 2026

CrazyHunter Ransomware

CrazyHunter is a ransomware campaign targeting healthcare that weakens endpoint defenses and escalates privileges before encrypting systems at scale.

Sign up for our Executive Intel Update

Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.

Attack Surface Management: You’re probably doing it wrong

Related Articles

TeamPCP Supply Chain Attacks

Handala Threat Group

CrazyHunter Ransomware

Sign up for our Executive Intel Update

Sign up for our Executive Intel Update