An attacker begins at qa3.acmecorp.com, where a forgotten config file quietly lists every dependency you run.
↳ From there they reach monitor.acmecorp.com across a shared subnet – its dashboard is open to anyone.
↳ Inside it, a database password sits in plain text. postgres.acmecorp.com – your records – is now theirs.