Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security through obscurity is based on the idea that if attackers don’t know how a system works or even if it exists, they’ll have a harder time breaching it. Despite repeatedly broken implementations and lacking support from standards bodies, this concept continues to be widely used. Secret doesn’t always mean safe – and it can even give a false sense of security.

On January 14th, 2025, Belsen Group emerged in the underground forum Breach Forums publishing a list of sensitive data extracted from vulnerable Fortinet FortiGate devices. Since then, they have expanded their malicious activities into acting as initial access brokers. Who are they and what do we know about them? In this blog we’ll give you the lowdown on an ambitious new threat group to be aware of.

In the context of penetration (pen) testing, false positives are where the testing tools or methods identify a security vulnerability or issue that doesn’t actually exist. Essentially, a false alarm. This can happen for a few reasons, such as misconfigurations in the testing tools, incorrect assumptions, or environmental factors.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from January.