This is the second part of Outpost24’s KrakenLabs investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations at the time of writing. We’ve already published one article explaining EncryptHub’s campaigns and TPPs, infrastructure, infection methods, and targets.  This...

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). We reached out to MITRE for a CVE on 13th March 2025 and were within an agreed 90-day non-disclosure period with CrushFTP. The plan was to give...

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from March about espionage activities by threat actors Green Nailao and UNC3886. Spotlight threat:...

We’re pleased to announce that a new Digital Risk Protection (DRP) integration has been added to Outpost24’s External Attack Surface management (EASM) platform: the Dark Web module.   Security teams need complete visibility on their organization’s exposure and potential threats. This doesn’t only include your owned online assets, but also your...

EncryptHub, a rising cybercriminal entity, has recently caught the attention of multiple threat intelligence teams, including our own (Outpost24’s KrakenLabs). While other reports have begun to shed light on this actor's operations, our investigation goes a step further, uncovering previously unseen aspects of their infrastructure, tooling, and behavioral patterns.  Through...

An integrated attack surface management (ASM) and Pen Testing as a Service (PTaaS) solution that enables organizations to implement a flexible and comprehensive application security strategy.  Today, Outpost24 is excited to announce the launch of its new CyberFlex solution, a flexible combination of ASM and PTaaS. With two-thirds of organizations...

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. The key focuses this month are on the threat groups Black Basta and M_A_G_A, plus plenty more observed highlights from...

Security through obscurity is based on the idea that if attackers don’t know how a system works or even if it exists, they’ll have a harder time breaching it. Despite repeatedly broken implementations and lacking support from standards bodies, this concept continues to be widely used. Secret doesn’t always mean...

In the context of penetration (pen) testing, false positives are where the testing tools or methods identify a security vulnerability or issue that doesn’t actually exist. Essentially, a false alarm. This can happen for a few reasons, such as misconfigurations in the testing tools, incorrect assumptions, or environmental factors. False...

On January 14th, 2025, Belsen Group emerged in the underground forum Breach Forums publishing a list of sensitive data extracted from vulnerable Fortinet FortiGate devices. Since then, they have expanded their malicious activities into acting as initial access brokers. Who are they and what do we know about them? In...