Following the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers, Outpost24’s threat intelligence team has compiled a comprehensive analysis of the incident based on publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements. The analysis examines the likely initial access...

Today marks Microsoft Patch Tuesday for January 2026, addressing 112 vulnerabilities. Notably, there is an actively exploited zero-day vulnerability, but it requires the attacker to be a local authorized user, which may reduce its severity. In 2026, several Microsoft Secure Boot certificates are set to expire. If not updated, attackers...

In 2026, organizations are already managing attack surfaces that are larger, more fragmented, and more volatile than in previous years. As the year progresses, attack surfaces will continue to expand in scope and complexity, making them harder to secure consistently. We’ve spoken to senior Outpost24 experts to help you understand...

In 2025, KrakenLabs tracked a series of shifts that reshaped how cyber threats materialized across organizations. Drawing on research conducted throughout the year, this article highlights the most consequential developments observed by KrakenLabs in 2025, where attacker success depended less on new tools or novel exploits and more on the...

How basic cybersecurity gaps can quickly escalate into a national crisis Even minor cybersecurity gaps can ripple into major disruptions. As digital and operational systems become increasingly interconnected, vulnerabilities that once seemed small can now trigger national-level consequences. This whitepaper explores how real-world cyber incidents reveal hidden weaknesses in modern...

700Credit, a US-based credit check and compliance provider, disclosed in late October that it had suffered a significant data breach affecting nearly 18,000 dealerships and more than 5.6 million consumers. According to the company’s disclosure and subsequent reporting, the exposed data includes names, addresses, dates of birth, and Social Security...

The strategic funding from international investment firm Vitruvian Partners will advance the company’s platform, helping organizations rapidly transform threat data into decisive action and a more robust security posture. STOCKHOLM / PHILADELPHIA (December 17, 2025) — Outpost24, a leader in exposure management and identity security, today announced a new investment...

React2Shell is the name commonly used to describe a set of critical vulnerabilities affecting React Server Components (RSC) and frameworks that rely on them, including Next.js. Since disclosure, security teams have observed continued exploitation attempts targeting exposed applications, with attackers abusing the vulnerability to gain unauthorized code execution on affected...

Today marks Microsoft Patch Tuesday for December 2025. This month, 57 vulnerabilities have been addressed, including three zero-day vulnerabilities, one of which is actively being exploited. It’s crucial to update your systems promptly. Notable Patch Tuesday vulnerabilities for December CVE-2025-62221 A use-after-free vulnerability in the Windows Cloud Files Mini Filter...

The strategic acquisition strengthens market leadership by unifying user identity with device trust, eliminating security blind spots. STOCKHOLM / PHILADELPHIA (December 9, 2025) – Outpost24, a leader in exposure management and identity security, today announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access....