Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft Power Platform, specifically Power Automate and Copilot Studio, makes it easy for organizations to quickly build automations and AI agents. To keep them secure and compliant, Tenant Isolation is a critical feature designed to prevent unauthorized cross-tenant communication. However, in our latest research, we discovered a high-severity vulnerability that bypasses Tenant Isolation policies using the HTTP Connector - potentially exposing sensitive data and enabling unauthorized actions.

This is the second part of Outpost24’s KrakenLabs investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations at the time of writing. We’ve already published one article explaining EncryptHub’s campaigns and TPPs, infrastructure, infection methods, and targets.

In the ever-evolving landscape of web application vulnerabilities, a new critical flaw has emerged. CVE-2025-2825 is a high-severity vulnerability that allows attackers to bypass authentication on CrushFTP servers. This popular enterprise file transfer solution is often used in corporate environments to manage sensitive data, making this vulnerability particularly concerning.

Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). We reached out to MITRE for a CVE on 13th March 2025 and were within an agreed 90-day non-disclosure period with CrushFTP. The plan was to give users plenty of time to patch before attackers were alerted to the vulnerability and able to exploit it.

On March 21, 2025, CrushFTP privately alerted customers to a critical authentication bypass vulnerability, now tracked as CVE-2025-31161. Since the initial disclosure, a proof-of-concept (PoC) exploit has been made publicly available, and the CrushFTP CEO has confirmed observing customer compromises via CVE-2025-31161.

The landscape of mergers and acquisitions (M&A) is evolving rapidly, particularly in the United States, where the dynamics of these deals are shaped by numerous factors, including cybersecurity. Within this sector, vulnerability management plays a critical role in ensuring the integrity, confidentiality, and availability of digital assets, which are often crucial in M&A transactions.

Today, I'm absolutely thrilled to announce our newest innovation in the security space: our new CLI tool, Greybeard. After years of giving polite, professional security advice, we've realized what developers really need is an ornery virtual security expert who tells it like it is.