Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 21, 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC) exploit has been made publicly available, and the CrushFTP CEO has confirmed observing customer compromises via CVE-2025-31161.

Manufacturing organizations need Privileged Access Management (PAM) for Industrial Internet of Things (IIoT) security because it protects critical systems and devices by ensuring that only authorized users have access. IIoT refers to a network of connected devices that work together to collect and analyze data across industrial sectors to improve operational efficiency. As IIoT becomes increasingly integral to manufacturing, securing these connected systems is more important than ever.

Quantifying the economic impact of Elastic Security As public sector organizations grapple with a changing economic and political landscape, the focus has increasingly turned to driving efficiencies, reducing costs, and strengthening resiliency.

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). We reached out to MITRE for a CVE on 13th March 2025 and were within an agreed 90-day non-disclosure period with CrushFTP. The plan was to give users plenty of time to patch before attackers were alerted to the vulnerability and able to exploit it.

Organizations today move fast, but slow vendor approvals can grind everything to a halt. As companies increasingly rely on third-party vendors, slow vendor approvals create a serious security bottleneck. This slowdown costs organizations valuable time and resources—and leaves them open to security risks. It’s important to cohesively review and approve vendors to manage third-party risk, but organizations should be aware of just how long those approvals take.

If you’re a security analyst, you know the work never stops. Even after your team completes an extensive vendor risk assessment and remediation, you still need to write a report to share your findings with key stakeholders. And this work isn’t a walk in the park by any means. Writing a risk assessment report often requires hours (or even days) of summarizing information, repopulating graphs, and balancing technical details with clarity to cater to technical and non-technical stakeholders.

Modern cloud architectures are increasingly distributed, with applications and services spanning multiple regions to improve availability, reduce latency, and support disaster recovery. Many of our customers rely on solutions like Virtual Private Cloud (VPC) peering, Network Address Translation (NAT) gateways, and AWS Transit Gateways to securely send telemetry to Datadog across regions. These methods work but can add complexity, increase costs, and create potential security risks.

Discover how cyber threat intelligence can transform your security strategy and keep your organization safe from evolving threats.

Riscosity has made it even easier to prioritize issues where data types are being shared by your Applications with 3rd party vendors by adding Confidence Scores to those data types. Users can focus in on the issues with data types that Riscosity had the highest confidence in determining without worrying about false positives.

The institutional adoption of Solana is accelerating at an unprecedented pace, driven by its unmatched speed, efficiency, and scalability.. Its growing adoption by financial institutions and Web3 developers highlights its efficiency in real-time payments and tokenization. However, challenges remain in securely managing transactions, gas fees, and token operations.