Archive for Outpost24

Outpost24 Introduces AI-Powered Digital Risk Protection to Simplify and Expedite Threat Analysis

Posted in Commentary on May 20, 2025 by itnerd

Outpost24, a leading provider of cyber risk management and threat intelligence solutions, today announced the addition of AI-enhanced summaries to the Digital Risk Protection (DRP) modules within its External Attack Surface Management (EASM) platform.

With Outpost24’s DRP modules, organizations are able to identify, monitor, and protect against threats before they can be exploited. DRP’s threat intelligence provides continuous scans for exposed credentials, brand impersonations, data leaks and more. While this is all valuable information to have, these DRP findings can be challenging and time-consuming for security teams to interpret. 

Using an LLM, DRP jobs are enhanced to automatically generate a 25-word summary that replaces the original, complex DRP excerpt. This will help customers reduce decision-making time by:

  • Providing helpful content insights in an easily-understandable format
  • Translating foreign language threat information into English
  • Distilling threat intelligence into key areas of concern

Outpost24 is continuously researching and developing how to bring AI-enhanced functionality into its Attack Surface Management (ASM) platforms. The addition of AI-enhanced summaries now sits alongside the Domain Discovery AI feature already available in the EASM platform. 

Additionally, while DRP results are already publicly available by nature, Outpost24 is committed to ensuring that data is not further leaked to third parties. For this reason, AI summaries are generated by a private LLM instance.

To learn more about Outpost24’s EASM Platform with Digital Risk Protection modules, including the addition of AI-powered summaries, please click here.

Outpost24 Enhances EASM Platform with Digital Risk Protection Modules for Social Media and Data Leakage

Posted in Commentary on May 8, 2025 by itnerd

Outpost24, a leading provider of cyber risk management and threat intelligence solutions, today announced the integration of two new Digital Risk Protection (DRP) modules into its External Attack Surface Management (EASM) platform. The Social Media and Data Leakage modules are now offered alongside the Leaked Credentials and Dark Web modules to enhance customer insights into the entire attack surface.

Combining access to private and exclusive sources, strong automation capabilities, and advanced threat intelligence, Outpost24’s new DRP modules help organizations get a full overview of external threats and risks, supporting proactivity and prioritization.

With threat actors leveraging information on social media profiles to launch attacks against companies, the Social Media DRP module monitors organizations’ profiles as part of the attack surface. Through real-time tracking of social media impersonation, external breaches, and internal leaks, this module enables organizations to respond faster to threats and incidents as they emerge.

Likewise, an organization’s sensitive documents are an integral asset that must be kept away from external eyes. The Data Leakage DRP module detects potentially leaked documents and source code, giving organizations enough time to react appropriately.

Together, these attack surface monitoring modules empower companies to:

  • Respond faster to threats as they emerge on social media 
  • Detect leaked documents and source code and inform teams before they become a problem 
  • Protect their reputation and reduce the risk of phishing or fraud 
  • Prevent confidential information from spreading by catching issues early

To learn more about Outpost24’s EASM Platform with Digital Risk Protection modules, including the new Social Media and Data Leakage additions, please click here.

Outpost24 Research (Part 2): Unmasking EncryptHub – Help from ChatGPT & OPSEC blunder

Posted in Commentary on April 3, 2025 by itnerd

Today Outpost24’s KrakenLabs published Part 2 of its investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations. Part 1 covered EncryptHub’s campaigns and TTPs, infrastructure, infection methods, and targets.

In Part 2, Unmasking EncryptHub: help from ChatGPT & OPSEC blunders, the researchers explore:

  • EncryptHub’s last decade online, with a particular focus on his one-year-old foray into cybercrime
  • The OPSEC mistakes EncryptHub made along the way, including password reuse and the use of personal email accounts and usernames to register and manage several assets tied to his criminal activities
  • His heavy reliance on ChatGPT and a few key errors which led to his unmasking
  • His most notable ‘developer-related’ mistake: poor access management on his C2 server, leaving confidential parts of the server exposed with directory listing enabled, accessible to anyone without authentication

The researchers hope to reveal a human image beyond the amorphous dark entity that the generic tag of ‘Threat Actor’ usually gives.

Outpost24 Puts Up A Blog Post On The CrushFTP Authentication Bypass Vulnerability… And The Events That Led To Mass Attacks

Posted in Commentary on April 2, 2025 by itnerd

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. 

Today, the team posted a blog detailing the process of their reporting, including how other parties circulating this news under a different CVE caused media confusion. 

The vulnerability is now being exploited by remote attackers, who are using it to gain unauthenticated access to devices running unpatched versions of CrushFTP v10 or v11. There have been over 1,500 vulnerable instances exposed online. The threat is particularly concerning as file transfer products like CrushFTP are often targeted by ransomware gangs. 

The blog runs through how the vulnerability works, how Outpost24 found it, and the timeline of events around the botched disclosure of this issue.

For full details, you can read the blog in full here: https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/

Outpost24 Adds Dark Web Insights To Their EASM Platform

Posted in Commentary on March 10, 2025 by itnerd

Outpost24 has announced the integration of dark web insights into its EASM platform. 

Security teams need complete visibility on their organization’s exposure. This doesn’t only include owned online assets, but also their dark web presence. Information on the dark web may suggest an organization is being targeted for an attack – or has already been infiltrated. 

This is why a dark web digital risk protection (DRP) module is so important. It works by detecting the sale of corporate data or access, uncovering early-stage cyberattack preparations, tracking industry-wide threats, and supporting security incident investigation.

For full details on this new integration and how it assists, the announcement can be found here: https://outpost24.com/blog/dark-web-insights-outpost24-easm/

Outpost24 Research on Multi-Stage EncryptHub Malware Campaign

Posted in Commentary on March 6, 2025 by itnerd

Outpost24’s KrakenLabs has released research on a new EncryptHub multi-stage malware campaign.

While previous reports have begun to shed light on the operation of this rising criminal entity, Outpost24’s KrakenLabs investigation has gone a step further, uncovering previously unseen aspects of their infrastructure, tooling, and behavioral patterns.

Through a series of operational security (OPSEC) missteps, EncryptHub inadvertently exposed critical elements of its ecosystem, allowing Outpost24 to map their tactics with unprecedented depth.

Their lapses include directory listing enabled on key infrastructure components, hosting stealer logs alongside malware executables and PowerShell scripts, and revealing Telegram bot configurations used for data exfiltration and campaign tracking.

These mistakes provided a unique vantage point into their operations, enabling Outpost24’s researchers to dissect their attack chain and methodologies in ways that have not yet been publicly detailed.

You can read the research here.

New Outpost24 CyberFlex Integrates ASM and PTaaS to Efficiently Manage and Secure All External-Facing Applications in a Flexible Way

Posted in Commentary on March 3, 2025 by itnerd

Outpost24, a leading provider of cyber risk management and threat intelligence solutions, today announced the launch of Outpost24 CyberFlex, a comprehensive application security solution that combines Attack Surface Management (ASM) and Penetration Testing as a Service (PTaaS) to manage and secure an organization’s external-facing applications, and deliver enhanced visibility in a flexible and agile way.

With organizations being vulnerable to cyberattacks through unmanaged internet-facing assets, Outpost24 CyberFlex delivers an unmatched approach to the comprehensive discovery, risk management, and protection of all external-facing applications.

This seamless integration, coupled with the expertise and actionable recommendations from Outpost24’s world-leading AppSec research team, offers organizations a cost-effective, efficient approach to managing and securing applications with agility and flexibility.

The Outpost24 CyberFlex offering ensures organizations have the following application security capabilities:

  • Comprehensive Discovery: Uncover every application in your attack surface, including both recognized and hidden assets.
  • Enhanced Control and Visibility: Maintain complete oversight and control over your application’s attack surface.
  • Detailed Risk Assessment: Strategically prioritize PTaaS assessments with in-depth risk categorization and expert recommendations from the Outpost24 AppSec penetration testing team.
  • Adaptable Annual Consumption Model: Streamline budgeting and resource allocation with a flexible annual PTaaS consumption agreement.
  • Ongoing Pen Testing: Keep critical applications secure with continuous, targeted penetration testing evaluations which are human-led to uncover both technical and business-logic vulnerabilities.
  • Effective Remediation: Implement targeted actions to close security gaps and build resilient AppSec programs.

The Outpost24 CyberFlex solution, powered by in-depth attack surface analysis and human-led penetration testing, ensures organizations around the world can continuously monitor their attack surface and proactively remediate what matters most to them.

To learn more about Outpost24’s CyberFlex, which is now available, please click here.

Outpost24 Names Omri Kletter as Chief Product Officer

Posted in Commentary on February 27, 2025 by itnerd

Outpost24, a leading provider of cyber risk management and threat intelligence solutions backed by Vitruvian Partners, has confirmed the appointment of Omri Kletter as its new Chief Product Officer. As an experienced security leader, Kletter will bring exceptional knowledge to Outpost24, strengthening the company’s mission of simplifying cyber exposure management and strategically positioning it for significant growth in 2025 and beyond.

In his new role, Kletter will:

  • Innovate for tomorrow’s cyber threats by launching and refining Outpost24’s cutting-edge products that address the evolving landscape of cybersecurity threats, ensuring proactive protection for clients.
  • Enhance our customer-centric security solutions, strengthening Outpost24’s commitment to customer protection by developing intuitive, high-impact products tailored to meet diverse security needs.
  • Foster cross-functional synergy by building a collaborative culture between product, engineering, and sales teams to drive the creation and delivery of integrated, high-quality cybersecurity solutions.

With a distinguished career in the industry, Kletter has played a pivotal role in shaping innovative fraud detection strategies and risk management products in his previous roles. Most recently, he served as the General Manager of the Risk and Fraud Product Line at Bottomline Technologies, leading the development and go-to-market of cutting-edge fraud prevention solutions. Before his tenure at Bottomline, Kletter was the Head of Fraud Solutions at NICE Actimize, where he spearheaded initiatives to combat financial crime through advanced analytics and artificial intelligence. His deep industry acumen makes him a valuable addition to the Outpost24 team, driving innovation and security for a product line that will benefit customers and the wider ecosystem.

“Clusterbomb” Malware droppers hit over 50,000 victims 

Posted in Commentary on June 28, 2024 by itnerd

Security researchers discovered a threat actor known as Unfurling Hemlock infecting target systems with up to ten pieces of malware simultaneously. Dubbed a “malware cluster bomb” by researchers, this method involves using one malware sample to spread additional ones on compromised machines. The malware mainly consisted of stealers, such as Redline, RisePro and Mystic Stealer, and loaders such as Amadey and SmokeLoader.

Outpost24’s KrakenLabs, the Cyber Threat Intelligence team, discovered this operation. Their findings reveal that Unfurling Hemlock’s activity dates back to at least February 2023 and employs a unique distribution method. KrakenLabs has identified over 50,000 “cluster bomb” files with distinct characteristics linking them to Unfurling Hemlock.

The attack begins with the execution of a file named ‘WEXTRACT.EXE’, which arrives on target devices through malicious emails or malware loaders that Unfurling Hemlock acquires from other operators. This executable contains nested compressed cabinet files, each level holding a malware sample and another compressed file. As each stage is unpacked, a new malware variant is dropped onto the victim’s machine. The final stage’s extracted files are executed in reverse order, with the most recently extracted malware executed first.
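As an added defender-side example (not code from the KrakenLabs report or from Outpost24), the following Python triage helper walks a binary for MS-CAB headers and measures how deeply cabinets are physically nested inside one another, the layered shape the report attributes to WEXTRACT.EXE. It assumes the inner layers are stored uncompressed so their headers remain visible in the raw bytes (real samples would need each layer extracted first), and the three-layer SAMPLE blob is constructed here, not a real dropper.

```python
import struct
from typing import List, Tuple

# MS-CAB CFHEADER: signature, reserved1, cbCabinet, reserved2, coffFiles,
# reserved3, versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # 36 bytes
MSCF = b"MSCF"


def find_cabinets(blob: bytes) -> List[Tuple[int, int, int]]:
    """Locate plausible cabinet headers; return (offset, declared size, file count)."""
    found = []
    pos = blob.find(MSCF)
    while pos != -1:
        if pos + CFHEADER.size <= len(blob):
            _, _, cb, _, coff, _, vmin, vmaj, _, nfiles, *_ = CFHEADER.unpack_from(blob, pos)
            # Accept only internally consistent headers: format version 1.3, a declared
            # size that fits in the remaining bytes, and a file table inside that size.
            if (vmaj, vmin) == (1, 3) and CFHEADER.size <= cb <= len(blob) - pos and coff < cb:
                found.append((pos, cb, nfiles))
        pos = blob.find(MSCF, pos + 1)
    return found


def nesting_depth(blob: bytes) -> int:
    """Longest chain of cabinets physically contained in one another (0 = none)."""
    cabs = sorted(find_cabinets(blob), key=lambda c: c[1])  # smaller (inner) first
    depth = {}
    for off, size, _ in cabs:
        inner = [depth[(o, s)] for o, s, _ in cabs if off < o and o + s <= off + size]
        depth[(off, size)] = 1 + max(inner, default=0)
    return max(depth.values(), default=0)


def make_cab(payload: bytes, nfiles: int = 1) -> bytes:
    """Constructed sample only: wrap payload in a minimal CFHEADER (one stored folder)."""
    size = CFHEADER.size + len(payload)
    return CFHEADER.pack(MSCF, 0, size, 0, CFHEADER.size, 0, 3, 1, 1, nfiles,
                         0, 0x1234, 0) + payload


# Constructed three-layer stand-in: each layer carries a stage payload plus the next
# cabinet, mirroring the nesting the report describes (not a real dropper).
SAMPLE = make_cab(b"stage1.exe" + make_cab(b"stage2.exe" + make_cab(b"stage3.exe")))

if __name__ == "__main__":
    print(f"nested cabinet layers: {nesting_depth(SAMPLE)}")
```

A depth well above one in a single downloaded executable is the kind of structural signal worth surfacing in sandbox or mail-gateway triage, independent of which stealer or loader each layer happens to carry.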

The researchers found that over half of Unfurling Hemlock’s attacks targeted systems in the United States, with significant activity also observed in Germany, Russia, Turkey, India, and Canada.

Evan Dornbush, former NSA cybersecurity expert, had this to say:

   “KrakenLabs’ report demonstrates why it is critical to support cybersecurity research efforts. The attackers appear to have taken a multitude of known tools and packaged them up in a novel mechanism that could facilitate evasion from defensive technology or, if detected, only be partially caught and removed from infected systems. In other words, things the defensive community thought were “solved” are still able to have harmful impact. This report highlights how both attackers and defenders incrementally improve looking at prior works.”

Organizations, and perhaps individuals, have one more thing to add to the list of threats they need to build defences against, making life harder for the overworked teams responsible for stopping cyber threats.