Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Outpost24’s threat intelligence researchers have been analyzing a corporate database seller known as “Lionishackers”. They’re a financially motivated threat actor focused on exfiltrating and selling corporate databases. This post explores how they operate, where their attacks are taking place, and the current level of threat they pose.

Social media can work both for and against an organization, so it’s worth treating these sites as extensions of your attack surface. CompassDRP’s Social Media integration continuously monitors both corporate and employee profiles across platforms such as Twitter, LinkedIn, and Facebook. It automatically flags unauthorized or impersonating accounts that mimic executive identities or misuse company branding, helping to thwart phishing and fraud campaigns before they gain traction.

It’s tempting to view bug bounty programs as a cheat code – an enticing shortcut to uncover vulnerabilities by tapping into the creativity of the global security community. Is there really any to invest in your own testing for vulnerabilities? But while these programs can surface critical flaws that traditional testing might miss, they’re inherently reactive and can be limited in scope.

In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the kinetic attacks, numerous hacktivist groups began launching cyberattacks primarily targeting Israel and its international allies.

I recently discovered an interesting race condition vulnerability in the eCommerce software nopCommerce, during a manual pen test as part of the SWAT service (SWAT is Outpost24’s Pen Testing as a Service solution). This vulnerability (CVE-2024-58248) involves nopCommerce, an open-source eCommerce platform written in C#, which aids developers in building online stores. When exploited, it allows an attacker user to redeem a gift card multiple times by using a technique called a single-packet attack.

In the world of modern web applications, the OAuth flow is our trusty gatekeeper, enabling seamless logins and secure data sharing. But its flexibility (designed to handle myriad use cases) is also its Achilles’ heel. A tiny misstep in URI validation or a missing state check can turn a robust token exchange into an open invitation for attackers, leading to serious OAuth vulnerabilities that compromise user data and application security.

Your external attack surface is growing — whether you’re aware of it or not. Cloud migration, IoT, AI, and remote work are all contributing to the rapid expansion of organizations’ external attack surfaces, and many security teams are struggling to keep up. According to a 2021 report, 69% of organizations admitted they had experienced at least one cyberattack that was initiated through exploiting an unknown or unmanaged internet-facing asset.

Last year, nearly 60% of cyber compromises were directly attributable to unpatched vulnerabilities – flaws that organizations knew about but hadn’t remediated in time. The problem with traditional vulnerability management (VM) approaches is they treat every finding equally, leaving security teams drowning in noise and fighting to sort serious risks from low-level tasks. This is where Risk-Based Vulnerability Management (RVBM) comes in.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from May about Scattered Spider, Lumma Stealer and more.

Recognition Solidifies Outpost24’s Leadership in Attack Surface Management PHILADELPHIA (May 27, 2025) — Outpost24, a leading provider of cyber risk management and threat intelligence solutions, today announced it has been recognized as an Overall Leader in the 2025 KuppingerCole Leadership Compass Report for Attack Surface Management and is the only European vendor named as an Overall Leader in the report. The company was also named a leader in the Product and Market categories.