{“lastseen”:”2026-06-17T11:01:30″,”description”:”\\n\\nBreaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop \u2014 like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentication \u2014 anything internet-facing is immediately at risk.\\n\\nWith time-to-exploit now down to a single day, the question isn’t just how fast you can patch. It’s why the service was exposed in the first place.\\n\\nThe team at Intruder analyzed 3,000 attack surfaces to find out how much of a typical organization’s attack surface consists of services that have no reason to be there. We grouped what we found into four categories \u2014 HTTP panels, risky ports and services, databases, and publicly accessible files and information.\\n\\nThe full findings, including breakdowns by company size and industry, are in our 2026 Attack Surface Management Index.\\n\\n## How widespread is the problem?\\n\\n * 60% of organizations had at least one HTTP panel exposed \u2014 admin consoles, management UIs, login pages for internal tools that have no business being publicly reachable.\\n * Nearly half (49%) had a risky port or service exposed.\\n * 42% had a database reachable directly from the internet. \\n * 30% had files or information publicly accessible that shouldn’t be \u2014 API documentation, config files, data that was never intended to be discoverable.\\n\\n\\n\\n\\n\\n## The ten most common exposures\\n\\nThese are the most common attack surface exposures affecting organizations in the past 12 months.\\n\\n 1. MySQL Database Exposed \u2014 26%\\n 2. Postgres Database Exposed \u2014 16%\\n 3. API Documentation Exposed \u2014 15%\\n 4. WordPress Admin Panel Exposed \u2014 15%\\n 5. Remote Desktop Service Exposed \u2014 11%\\n 6. SNMP Service Exposed \u2014 9%\\n 7. phpMyAdmin Admin Panel Exposed \u2014 8%\\n 8. UPnP Service Exposed \u2014 8%\\n 9. NTP Service Exposed \u2014 7%\\n 10. RPC Portmapper Service Exposed \u2014 7%\\n\\n\\n\\n### Databases dominate the top two spots\\n\\nExposed databases take the top two spots, with more than a quarter of organizations exposing MySQL and Postgres, affecting 1 in 6. Internet-facing databases have long been a target for opportunistic attackers. The PLEASE_READ_ME ransomware campaign in 2020 compromised more than 250,000 MySQL databases by brute-forcing weak credentials. MongoDB and Elasticsearch have faced the same.\\n\\n### API documentation is more exposed than RDP\\n\\nAPI documentation ranked third \u2014 ahead of RDP, which surprised us. Some API docs are intentionally public, but organizations frequently overlook documentation tied to private or admin-side APIs that were never meant to be discoverable. Public API docs can turn otherwise hard-to-find vulnerabilities into documented attack paths.\\n\\n### RDP remains a ransomware entry point\\n\\nRDP at number five is a concern given its history as an initial access vector in ransomware attacks. BlueKeep in 2019 left nearly a million systems immediately exploitable. Credential guessing against exposed RDP remains one of the most reliable ways ransomware operators get in.\\n\\n### The rest of the list was never meant to be internet-facing\\n\\nThe remainder of the list \u2014 SNMP, UPnP, NTP, RPC \u2014 are legacy services designed for internal networks that were never meant to be internet-facing. \\n\\n## Get the full findings\\n\\nMost teams treat patching as the priority. But for a lot of what’s on this list \u2014 databases, admin panels, legacy services \u2014 the better question is why they’re reachable at all. That’s where attack surface reduction comes in \u2014 and for most organizations, it’s not getting the same attention as vulnerability management.\\n\\nThe full findings, including breakdowns by company size and industry, are in the 2026 Attack Surface Management Index.\\n\\nFound this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-06-17T10:30:00″,”modified”:”2026-06-17T10:30:00″,”type”:”thn”,”title”:”The Top 10 Attack Surface Exposures in 2026″,”source”:””,”references”:””,”id”:”THN:1189634A85494EE84689C077E832C081″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/06\/the-top-10-attack-surface-exposures-in.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-06-17T11:01:30″,”description”:”\\n\\nBreaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-63732","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n