Open-Source Attack Surface Management Cheat Sheet Released

A developer has published an open-source Attack Surface Management cheat sheet that started as personal notes and evolved into a structured reference. The project focuses on practical ASM implementation rather than theoretical concepts.
What's Included
The cheat sheet covers several key areas of Attack Surface Management:
- Discovering unknown assets
- Tracking exposed infrastructure
- Reconnaissance and enumeration tooling
- Simple automation workflows
- Recommended books and learning resources
Development Process
The developer used Claude AI to help organize sections, expand explanations, and structure documentation to read more like a guide rather than scattered notes. The repository includes implementation notes and workflows for getting started with ASM programs.
Project Details
The cheat sheet is available as a GitHub repository and has a demo site hosted at https://asm-cheatsheet.vercel.app/. The developer indicates they're open to expanding the resource based on community feedback and use cases.
📖 Read the full source: r/ClaudeAI
👀 See Also

Three open-source alternatives to litellm after PyPI supply chain attack
litellm versions 1.82.7 and 1.82.8 on PyPI were compromised with credential-stealing malware. Three open-source alternatives include Bifrost (Go-based, ~50x faster P99 latency), Kosong (agent-oriented from Kimi), and Helicone (AI gateway with analytics).

OpenClaw security patches fix QR code credential exposure and plugin auto-load vulnerabilities
OpenClaw released two security patches addressing critical vulnerabilities: QR codes embedded permanent gateway credentials without expiry, and plugins auto-loaded from cloned repos without user confirmation. Version 2026.3.12 fixes both issues.

AI Security Researchers: Your 0-Day Vulnerabilities May Leak via Data Opt-In Toggle
The 'Improve the model for everyone' toggle in LLM interfaces can automatically harvest deep red-teaming research, sending your vulnerability concepts to vendor safety teams and potentially to academic papers before you publish. Disable data sharing before conducting serious security research.

Security audit reveals vulnerabilities in OpenClaw skill ecosystem
A security audit of OpenClaw found 8 documented CVEs including arbitrary code execution and credential theft vulnerabilities, plus 15% of skills in the shared library exhibit suspicious network behavior. The auditor migrated to a minimal Rust-based runtime with Ollama for better isolation.