
How Safe and Attack-Proof Are Encrypted Apps?

In today’s digital landscape, encrypted messaging apps are widely regarded as essential tools for secure communication. Businesses and individuals alike turn to platforms like Signal, WhatsApp, and Telegram to protect sensitive conversations from prying eyes. But how secure are these apps really? Are they truly attack-proof, or do they provide a false sense of security?

Top 7 Account Takeover Solutions

Due to compromised accounts, financial institutions lose billions annually in unauthorized transactions and account-related fraud. Airlines suffer millions in fraudulent ticket purchases, and retailers face widespread loyalty fraud and resold gift cards. Automated, bot-driven takeovers further amplify the issue, driving costly credential-stuffing attacks that inflate operational costs and burn through budgets. The list goes on, and the problem is only getting worse.

CrushFTP auth bypass vulnerability: Disclosure mess leads to attacks

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score of 9.8 (vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). We reached out to MITRE for a CVE on 13th March 2025 and were within an agreed 90-day non-disclosure period with CrushFTP. The plan was to give users plenty of time to patch before attackers were alerted to the vulnerability and able to exploit it.

How to Strengthen Your Network Security with LDAP Injection Defense

As organizations continue to rely on directories to store critical information such as user credentials, access permissions, and organizational data, the security of these directories becomes even more vital. LDAP (Lightweight Directory Access Protocol) is widely used for storing and managing this information. However, this reliance also makes LDAP directories a prime target for malicious attacks, with one of the most dangerous being LDAP injection attacks.

Top 5 Cyber Threats CultureAI Detected in Q1 2025

Cyber security threats continue to evolve, but one factor remains consistent: human error is still the greatest risk to modern businesses worldwide. Employees make mistakes, bypass security measures, and fall victim to sophisticated social engineering attacks, leading to devastating data breaches. Despite extensive security awareness training, the reality is that investing more time and money in training isn’t solving the problem.

Insight beyond annual risk using attack chain mapping

Thriving organizations maximally allocate resources. With seemingly infinite cybersecurity threats and finite resources, everyone needs to know the size of the threat to determine priority, and where to invest to maximize ROI. Elastic takes a quantified approach to cybersecurity risk management using FAIR to break threat scenarios into (A) likelihood and (B) losses to calculate risk per year, AKA annualized loss expectancy, or in FAIR terms, simply “risk”.

What are Zero-Day Attacks?

A Zero-Day Attack occurs when hackers exploit a previously unknown vulnerability in software or hardware before the developer has a chance to fix it. These attacks are particularly dangerous because there is no defense in place when they occur. In this video, we explain how Zero-Day attacks work and how you can protect your systems from these hidden threats.

Supply Chain Attacks: What You Should Know

Supply-chain attacks may not grab the headlines in the same way as ransomware or data breaches, but these horrific, sneaky cyberattacks are just as dangerous for your business. Here are five things you need to know about supply chain attacks, including what they are, why they happen, and how to prevent them.

GitHub Actions Supply Chain Attacks

This week, we discuss a recent cascading supply chain attack involving multiple GitHub Actions workflows that nearly succeeded in compromising a popular Coinbase application. Before that, we discuss a novel way to download malware onto an endpoint by abusing a web browser's caching feature. Additionally, we cover an FBI alert on file converter malware scams.

How to Safeguard Critical Assets from the Growing Threat of Supply Chain Cyberattacks

Organizations must develop robust programs to manage supply chain risks, both known and unknown, while prioritizing their most critical assets. Often referred to as the "crown jewels", these assets are the most valuable and vital to business success. Supply chain attacks exploit vulnerabilities in the network of suppliers, distributors, and other third-party partners to gain unauthorized access to sensitive data and systems.