Articles tagged with: #attack-surface
Q-RAN: Quantum-Resilient O-RAN Architecture

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19968v1 Announce Type: new Abstract: The telecommunications industry faces a dual transformation: the architectural shift toward Open Radio Access Networks (O-RAN) and the emerging threat from quantum computing. O-RAN's disaggregated, multi-vendor architecture creates a larger attack surface vulnerable to cryptanalytically relevant quantum computers (CRQCs) that will break current public key cryptography. The Harvest Now, Decrypt Later (HNDL) attack strategy makes this threat...

MCP Security Bench (MSB): Benchmarking Attacks Against Model Context Protocol in LLM Agents

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.15994v1 Announce Type: new Abstract: The Model Context Protocol (MCP) standardizes how large language model (LLM) agents discover, describe, and call external tools. While MCP unlocks broad interoperability, it also enlarges the attack surface by making tools first-class, composable objects with natural-language metadata, and standardized I/O. We present MSB (MCP Security Benchmark), the first end-to-end evaluation suite that systematically measures how well LLM agents resist...

Internal move advice (ASM Role)

cybersecurity www.reddit.com

Hi everyone! I recently received a promotion internally from help desk to an Attack Surface Management role at a relatively large company. From the looks of it, it's a newly created role that another analyst has been working on as kind of a side project, and I'll have been brought on board to more or less grow alongside the rollout of the tools (mostly Tenable). I've looked online and checked out the Tenable docs and it still feels so overwhelming and I'm feeling incredibly lost. Any...

SpyChain: Multi-Vector Supply Chain Attacks on Small Satellite Systems

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.06535v2 Announce Type: replace Abstract: Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf (COTS) hardware broadens their attack surface. Although supply chain threats are well studied in other cyber-physical domains, their feasibility and stealth in space systems remain largely unexplored. Prior work has focused on flight software, which benefits from strict security practices and oversight. In contrast, auxiliary...

Bringing the Power of Agentic AI for Identity Risk, Adaptive Threat Prioritization, and Exposure Exploitability Validation

Qualys Security Blog blog.qualys.com

Qualys Enterprise TruRisk(TM) Management (ETM) extends the power of risk operations with agentic AI - Introducing ETM Identity, TruLens for industry-based threat prioritization, and TruConfirm exposure exploitability validation to accelerate your remediation. Every year at our yearly conference, now ROCon, I connect with security professionals on the front lines. A common theme in our conversations

CommandSans: Securing AI Agents with Surgical Precision Prompt Sanitization

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.08829v1 Announce Type: new Abstract: The increasing adoption of LLM agents with access to numerous tools and sensitive data significantly widens the attack surface for indirect prompt injections. Due to the context-dependent nature of attacks, however, current defenses are often ill-calibrated as they cannot reliably differentiate malicious and benign instructions, leading to high false positive rates that prevent their real-world adoption. To address this, we present a novel...