
Imminent Threats vs Regular Exposures




Category: Exposures & Threats



What's the Difference?



  • Exposures are vulnerabilities that exist in your attack surface - things like misconfigured DNS, expired certificates, or leaked data. They represent things that could be exploited.



  • Imminent Threats are a subset of exposures where there's evidence that attackers are actively preparing to exploit them. An imminent threat means an attacker is not just aware of the vulnerability but is actively building infrastructure to exploit it.



Why Imminent Threats Matter More



Imminent threats require immediate attention because:



  1. The vulnerability is not just theoretical - attackers have built infrastructure to exploit it
  2. The threat is more imminent and requires a faster response
  3. Understanding the associated attack infrastructure cluster helps you see the full scope of the attack campaign



How to Identify Them



Imminent threats appear on their own dedicated page in the sidebar. They also show up in the Exposures list but with attack infrastructure cluster information attached.



If an exposure shows associated clusters (e.g., "2 Clusters"), it means Malanta has identified distinct groups of attacker infrastructure connected to this exposure. More clusters typically mean more sophisticated or widespread attacker activity.

Updated on: 26/02/2026
