Digital Risk Protection (DRP) helps organizations identify, monitor, and protect against threats across their digital footprint. The goal is to catch risks on the open, deep, and dark web before they can be exploited, by aggregating threat intelligence from diverse external sources (social media, underground forums, code repositories, and paste...

Despite advancements in security, web applications are still a problem. Attackers target web applications because they’re exposed, complex, and not as well protected as they should be. According to Verizon1, web applications are the most prevalent attack vector, with exploitations of vulnerabilities increasing by 180% in 2024.   The digital world...

Digital footprints are growing at an unprecedented rate  Attack surfaces are broader and more complex than ever. Threat actors will actively search for vulnerabilities in an organization’s attack surface, looking for the path of least resistance. Unknown subdomains, forgotten development environments, unsecured APIs, and abandoned cloud resources can all become...

Today marks Microsoft’s Patch Tuesday for May 2025, addressing a total of 78 vulnerabilities. Among these, a few are actively being exploited. Most require the attacker to have local access, but one can be executed remotely if the attacker tricks a user into clicking a malicious link. Notable Patch Tuesday...

Digital Risk Protection (DRP) lets organizations proactively identify and mitigate external threats that emerge from their digital footprints. This can span public sources as well as deep and dark web channels. DRP is a key element of Outpost24’s external attack surface management (EASM) platform, so we’re pleased to announce two new...

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from April about EncryptHub, EncryptRAT, and the Media Land leak. Threat actor of the...

Several years ago, a security researcher discovered a vulnerability in Google Chrome that allowed fake domains to bypass the browser's security measures. The researcher registered a domain that appeared as "xn--80ak6aa92e.com" but displayed as "apple.com" in the browser, demonstrating how easy it was to deceive users. This is just one...

The concept of responsible disclosure is a simple one. If you find a vulnerability, you let the affected organization or software vendor know before making the information public. This gives them time to patch the vulnerability before it can be exploited. It also helps maintain trust and fosters a collaborative...

Authentication is used by most web applications. Both for letting users have access to individual accounts, but also for protecting certain resources from the public. Basic authentication allows an individual to prove to the application that they are the user that is trying to access it. Unfortunately, authentication vulnerabilities are often...

Today marks Microsoft’s Patch Tuesday for April 2025, addressing a total of 126 vulnerabilities. This is in addition to nine vulnerabilities that were resolved in Microsoft Edge earlier this month. Among these, there are four significant unauthenticated remote code execution vulnerabilities and one notable local privilege escalation vulnerability. One of...