Archive for Outpost24

The Top 3 Threat Actors Targeting the Insurance Industry 

Posted in Commentary with tags on February 18, 2026 by itnerd

Threat actors target the insurance industry for a simple reason: insurers sit on concentrated volumes of sensitive personal data, financial records, and in many cases health information, all of which are highly valuable for resale on dark markets. 

According to recent analysis by Outpost24 research and threat intel, there are three threat actors in particular which have been attacking the insurance industry most often. 

According to the findings, the actors include Scattered Lapsus$ Hunters (who recently conducted a large-scale campaign targeting Salesforce environments), Cl0p (which recently attacked the Oracle E-Business Suite), and NoName057(16) (a pro-Russian hacktivist group which frequently conducts DDoS attacks).

For full details, the analysis can be found here: https://outpost24.com/blog/top-3-threat-actors-targeting-insurance-industry/

Lessons From 2025: Zero-Day Exploitation Shaping 2026 

Posted in Commentary with tags on February 6, 2026 by itnerd

Outpost24 researchers have published an analysis of the major zero-day exploitations of 2025. Zero-day exploits were some of the most defining cyber threats of last year, with major cases including React2Shell, Oracle EBS, and CitrixBleed 2. This analysis is insightful for those who need to defend against zero days.

You can read the analysis here: https://outpost24.com/blog/top-zero-day-exploits-2025/

An analysis of the hack against major Spanish electricity and gas provider Endesa

Posted in Commentary with tags on January 15, 2026 by itnerd

Outpost24’s Threat Intelligence Research Team has released a detailed analysis of the recent cyberattack on Endesa, one of Spain’s largest electricity and gas providers.

Drawing on publicly available evidence from underground forums, leaked dataset listings, and the threat actor’s own statements, the threat intel team examines the likely initial access vector, the probable origin of the data, and the broader security implications.

Some key findings include: 

  1. Several indicators suggest the activity is attributable to a lone, Spanish-speaking individual rather than a coordinated group.
  2. The threat actor’s own statements, specifically “I also do cracking as a service” and “Don’t blame me for my work; blame your employees for not doing theirs,” strongly suggest that initial access was obtained through compromised credentials. 
  3. The actor’s minimal presence across forums and messaging platforms, combined with a lack of established reputation, suggests limited credibility among potential buyers. 
  4. Analysis of file names, object types, and export characteristics indicates the data originated from a CRM environment consistent with Salesforce.

For full details, the analysis can be read here: https://outpost24.com/blog/endesa-data-breach/

A Cybersecurity Specialist’s Survival Guide for the Holiday Season From Outpost24

Posted in Commentary with tags on December 18, 2025 by itnerd

With the holidays right around the corner, and cybercriminals’ activity increasing during business downtime, it is more important than ever for both organizations and individuals to take practical steps to protect themselves from potential cyber-attacks.

Noé Mantel, Cybersecurity Specialist at Outpost24, has shared the following tips for how to do just that:

Tip #1: Check the reliability of your backups 

Before going on holiday, it is essential to ensure that critical backups are up to date, functional, and stored offline. Organizations should systematically test their data recovery procedures and ensure that no backups are stored on the same network as production systems to prevent ransomware from encrypting or deleting them. 

Tip #2: Apply updates and patches before the holidays 

The end of the year is an ideal time to deploy pending patches and update obsolete software. Regular vulnerability analysis allows you to prioritize risks and fix systems exposed to the internet or close to critical assets first. A centralized patch management system, based on risk assessment, is an essential pillar of effective security. 

Tip #3: Strengthen your network security 

Multi-layered segmentation limits an attacker’s lateral movement in the event of an intrusion. Filtering malicious IP addresses, using URL whitelists, and closing unnecessary ports are simple actions that greatly reduce the attack surface. Regular traffic analysis also helps identify potential anomalies. 

Tip #4: Closely monitor the most exposed services 

Remote access such as RDP and VPNs must be protected by automatic locking mechanisms and monitored via connection logs. It is also recommended to disable all unused ports and to check the security practices of third-party service providers and employees working remotely. 

Tip #5: Avoid public USB ports when travelling 

Juice jacking remains an emerging and little-known threat. Companies must educate their teams never to use public charging ports in train stations, hotels or airports. A personal mains charger or external battery is the safest alternative. 

Tip #6: Adopt rigorous identity and access management 

Identity control is central to protecting infrastructure. IAM provides complete visibility into users, their permissions and their login behavior. Contextual analysis and artificial intelligence make it easier to detect anomalies without imposing overly restrictive rules. 

Tip #7: Strengthen your passwords and MFA 

The implementation of unique, sufficiently complex and regularly renewed passwords remains a fundamental aspect of cybersecurity. The use of password managers and the systematic adoption of multi-factor authentication significantly reduce the risk of compromise. Tools that block compromised passwords further strengthen this essential barrier. 

700Credit Data Breach Analysis By Outpost24

Posted in Commentary with tags on December 17, 2025 by itnerd

Researchers at Outpost24 have published a new analysis on the recent 700Credit breach. This analysis dives into the origin of this breach and the database’s appearance on the dark web. I covered this news previously here.

Here’s the link to the analysis: https://outpost24.com/blog/700credit-data-breach/

Understanding React2Shell: Critical Remote Code Execution in React Server Components and Next.js

Posted in Commentary with tags on December 17, 2025 by itnerd

It is being reported that a ransomware gang is exploiting the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deploy the file-encrypting malware less than a minute later.

Outpost24 researchers just recently published an in-depth look at the React2Shell vulnerability, diving into what exactly the vulnerability is, how the exploit works, its exploitation characteristics, as well as practical detection, remediation tips, and risk management implications. 

The team commented, “The RSC model is designed to let servers return rendered UI fragments to clients efficiently. Behind this capability is a serialization and deserialization protocol, often called the Flight protocol, that encodes component data and function calls for transport between client and server.

The React2Shell vulnerabilities arise because the deserialization logic in the Flight protocol does not validate untrusted data fully. When a server receives a maliciously crafted Request payload, the decoder may incorporate attacker-controlled values into internal objects and execution paths. This missing validation allows an attacker to control execution flow and trigger arbitrary code execution in the server process context.

Since Next.js builds on the same underlying React RSC infrastructure, applications that include RSC support (especially with the App Router) are also affected unless they have been updated to include the patched React implementation.”

For full details, the analysis can be found here: https://outpost24.com/blog/react2shell-cve-2025-55182-react-vulnerability/

Outpost24 Secures New Investment to Scale its Exposure Management and Identity Security Solutions

Posted in Commentary with tags on December 17, 2025 by itnerd

Outpost24 today announced a new investment from Vitruvian Partners to fuel its next phase of global growth. This significant new funding will accelerate innovation across the company’s platform, with a focus on integrating AI capabilities to optimize how security teams identify and neutralize critical vulnerabilities.

The only European vendor recognized as an overall leader in the 2025 KuppingerCole Leadership Compass Report for Attack Surface Management, Outpost24 delivers a distinct approach to cyber defence that empowers security teams to gain a complete understanding of their digital and human risk landscape.

Last week, Outpost24 announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks the company’s entry into the Zero Trust Workforce Access market and lays the foundation for its identity security division, Specops, to offer a unified approach that evaluates both the user and the device before access is granted. Through the strategic integration of its solutions — spanning external risk, identity, and device trust — Outpost24 is setting a new standard for cybersecurity. The company’s roadmap is focused on next-generation AI capabilities to catapult businesses forward, enabling them to prioritize the most critical threats and secure their assets.

The recent acquisition followed by today’s funding announcement mark the conclusion of a stellar year for Outpost24. Earlier this year, the company launched CyberFlex, a flexible, next-generation solution that integrates External Attack Surface Management and Penetration Testing as a Service (PTaaS) to help organizations efficiently manage and secure external-facing applications. Built on a pay-as-you-go credit model, CyberFlex embodies the shift toward consumable cybersecurity — giving customers the flexibility to dynamically allocate testing resources, scale coverage, and control costs as their security priorities evolve.

With over two decades of expertise, a strong European foundation, and thousands of customers worldwide, Outpost24 is expertly positioned to help organizations stay ahead of evolving cyber threats. By combining its leading Attack Surface Management platform with Specops’ specialized identity and password security, and the newly added strength of device identity and secure workforce access, Outpost24 delivers a truly comprehensive security picture that moves beyond conventional scanning methods. This empowers security teams to instantly identify, prioritize, and remediate the most critical risks, fundamentally strengthening resilience across both digital and human attack surfaces.

Outpost24 Acquires Infinipoint

Posted in Commentary with tags on December 9, 2025 by itnerd

Outpost24 today announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks Outpost24’s entry into the Zero Trust Workforce Access market and enhances its identity security division, Specops, by laying the foundation for a unified approach that evaluates both the user and the device before access is granted.

As organizations advance their Zero Trust strategies, authentication alone is no longer enough. MFA and SSO confirm who the user is, but they do not validate the security of the device being used. In hybrid environments where employees, contractors, and partners rely on a mix of corporate and unmanaged devices, this gap has become a significant source of risk. Ensuring that only secure, compliant devices can access critical systems is now essential to reducing credential misuse, preventing lateral movement, and maintaining regulatory assurance.

Organizations will benefit from the combined strengths of Specops’ unrivalled authentication and Infinipoint’s device identity and posture expertise, gaining a unified, context-aware approach to workforce access. This will allow organizations to evaluate both user and device trust at the moment of access, strengthening Zero Trust adoption while improving compliance and operational efficiencies by leveraging Infinipoint’s unique self-service and auto remediation capabilities – across any device and any identity provider.

The acquisition underscores Outpost24’s commitment to advancing its exposure management and identity security capabilities and strengthens its role in delivering end-to-end visibility and control across identities, devices, and the external attack surface.

Outpost24 named Challenger and Fast Mover in GigaOm Radar for Penetration Testing as a Service (PTaaS) 

Posted in Commentary with tags on November 20, 2025 by itnerd

Outpost24, a leading provider of cyber risk management and application security solutions, today announced that it has been named a Challenger and Fast Mover in GigaOm’s Radar for Penetration Testing as a Service (PTaaS). GigaOm is a global practitioner-led analyst firm that provides research, analysis, and advisory services for IT and security decision-makers.

Outpost24 advanced its position in the 2025 Radar, moving from the Feature Play quadrant in 2024 to the Maturity and Platform Play quadrant. This significant progression reflects continued investment in scalable, integrated testing capabilities and the company’s commitment to delivering effective security validation for modern digital environments. 

The GigaOm Radar for Penetration Testing as a Service provides a comprehensive evaluation of vendors based on platform capabilities, testing methodologies, customer experience, and alignment with emerging market needs. The report highlights the industry shift from point-in-time penetration tests to continuous validation delivered through unified platforms. It also notes the growing adoption of flexible consumption-based models that help organizations optimize testing coverage while controlling cost, a trend reflected in Outpost24’s own approach through CyberFlex’s pay-as-you-go credit model.

GigaOm recognized the following Outpost24 strengths:

  • Robust API access
  • Customizable testing methodologies
  • Streamlined procurement and onboarding
  • Flexible consumption capabilities

Outpost24’s Penetration Testing as a Service solution, CyberFlex, combines expert-led penetration testing with continuous attack surface visibility to give organizations a unified and streamlined experience. By integrating automated discovery with testing workflows, CyberFlex provides continuous visibility across an organization’s external application attack surface, seamless access to results, and actionable guidance for faster remediation. The solution uses automatic data gathering, enrichment, and AI-driven analysis to identify vulnerabilities and attack paths across both known and unknown internet-facing assets. 

To download a complimentary copy of the 2025 GigaOm Radar for Penetration Testing as a Service (PTaaS), please visit this link

For more information on Outpost24’s CyberFlex solution, visit https://outpost24.com/products/cyberflex/

Outpost24 simplifies PCI DSS compliance with certified expertise and a single platform 

Posted in Commentary with tags on October 30, 2025 by itnerd

Outpost24 today announced a new PCI DSS (Payment Card Industry Data Security Standard) Compliance solution designed to simplify how organizations meet and maintain payment card industry security requirements.

As a PCI Security Standards Council Approved Scanning Vendor (ASV) for more than 20 years, Outpost24 combines certified PCI expertise, advanced automation, and flexible testing options in a single, easy-to-manage platform. The result is faster, more efficient compliance for organizations of any size — without the complexity or cost of managing multiple tools and providers.

Outpost24’s PCI DSS Compliance solution supports the key scanning and testing activities required under the PCI DSS framework, including ASV scanning, internal vulnerability assessments, and application and infrastructure penetration testing. Customers can select the level of coverage they need from several flexible packages, and choose between self-managed or fully managed options supported by Outpost24’s in-house PCI professionals.

The new offering enables organizations to plan, schedule, and manage PCI testing through Outpost24’s platform, delivering better visibility, actionable insights, and streamlined reporting. Customers using Outpost24’s Managed PCI service can further reduce internal workload by entrusting daily compliance tasks to the company’s certified PCI experts, ensuring faster remediation and audit readiness throughout the year.

For more information on Outpost24’s PCI DSS Compliance solution, visit outpost24.com/products/pci.