Shadow IT Is Expanding Your Attack Surface. Here’s Proof www.bleepingcomputer.com/news/secu…

Shadow IT - the systems your security team doesn’t know about - is a persistent challenge. Policies may ban them, but unmanaged assets inevitably slip through. And if defenders don’t uncover them first, there’s always a risk attackers will.

With just a few days of effort, Intruder’s security team uncovered multiple real-world examples of Shadow IT exposures: unsecured backups, open Git repositories, unauthenticated admin panels, and more.

Every one of them contained highly sensitive data or credentials, and none required advanced exploitation.