Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The strategic acquisition strengthens market leadership by unifying user identity with device trust, eliminating security blind spots. STOCKHOLM / PHILADELPHIA (December 9, 2025) – Outpost24, a leader in exposure management and identity security, today announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access.

The UK government introduced the Cyber Security and Resilience Bill to Parliament on November 12th, 2025. Science, Innovation and Technology Secretary Liz Kendall stated: “Cybersecurity is national security. This legislation will enable us to confront those who would disrupt our way of life.” If you work in healthcare, energy, water, transport, or supply IT services to these sectors, this legislation will directly affect how you manage cybersecurity.

The EU’s Digital Operational Resilience Act (DORA) has just turned a year old. This regulation represented a fundamental shift in how the financial sector manages ICT risk, moving beyond traditional compliance to demand continuous, demonstrable digital operational resilience. A year on, the focus has changed. Organizations can no longer just avoid cyber incidents. They need to prove they can withstand, respond to, and recover from disruptions quickly and effectively.

The recent developments surrounding the Salesforce data breach serve as a stark reminder of the persistent threats organizations face. What began as a concerning incident earlier this summer has now escalated dramatically, with threat actors following through on their threats and releasing a substantial trove of Qantas customer data to the public.

Security teams drowning in alerts, executives demanding business justification for security investments, and an attack surface that grows daily – sound familiar? While traditional vulnerability scanners excel at finding problems, they fall short when it comes to the critical question: which risks actually matter to your business? This is where cyber risk quantification and cyber risk scoring come in, transforming how organizations understand and respond to threats.

Web application firewalls (WAF) is a protection mechanism to help block potential malicious requests before they can reach the application itself. Often this is implemented as a proxy, intercepting HTTP requests, analyzing them, and finally deciding on an action. While effective, over relying on it could lead to a false sense of security that allows attackers to exploit unresolved internal issues.

Carding is a type of cybercrime where attackers steal or illegally buy credit card information and use it to make unauthorized transactions. It often involves testing stolen card numbers with small purchases before making larger fraudulent charges. Criminals typically exchange or sell these stolen details on underground forums or dark web marketplaces. Outpost24’s Threat Intelligence team, KrakenLabs, carried out a previous public analysis of the underground card fraud ecosystem in 2022.

Olymp Loader is a Malware-as-a-Service (MaaS) advertised on underground forums and Telegram since June 5, 2025. The seller, “OLYMPO”, presents Olymp Loader as fully written in assembly language and frequently markets it as FUD (Fully UnDetectable). Despite its recent appearance, many underground forum users have already posted positive reviews.

Philadelphia, PA, 23rd September – Outpost24, a leading provider of exposure management solutions, today announced the launch of new pen test reporting, giving customers a consolidated view of all penetration testing results within a single platform. This eliminates the need to manage multiple reports from different sources, saving time and improving operational efficiency. Security teams can now view, schedule, and download reports directly, with actionable insights from certified pen testers.

In July 2025, pro-Palestinian hacktivist group zerodayx1 launched its own Ransomware-as-a-Service (RaaS) operation, following the path of other hacktivist teams. They loudly announced the initiative on platforms commonly used for such purposes, including X (formerly Twitter) and Telegram. Zerodayx1 exemplifies the ongoing evolution of these groups, underscoring the importance of studying and understanding their methods in order to better prepare for and respond to such threats.