AI in Cybersecurity

CVE-2025-53770 (Microsoft SharePoint)

Description: Deserialization vulnerability enabling unauthenticated RCE via the /_layouts/15/ToolPane.aspx endpoint.

Technical Details:
CVSS Score: 9.8 (Critical)
Exploit: Attackers craft malicious ASPX payloads (spinstall0.aspx) to exploit unsafe deserialization, extracting ValidationKey and DecryptionKey from __VIEWSTATE. Spoofed Referer headers (/layouts/SignOut.aspx) bypass authentication. The exploit chains with CVE-2025-49704 (spoofing, CVSS 8.8) and CVE-2025-49706 (RCE bypass), deploying .dll payloads (SHA256:…

Dior Data Breach

Overview: French luxury brand Dior suffered a data breach exposing customer and employee data, attributed to Chinese state-sponsored actors, likely DCHSpy, linked to the ShinyHunters group via a third-party vendor breach (LVMH).

Technical Details:
Attack Vector: Exploited a misconfigured AWS S3 bucket with public read permissions ("Effect": "Allow", "Principal": "*") and no IAM role-based controls,…

Weekly Report: New Hacking Techniques and Critical CVEs July 14-21, 2025

The week of July 14-21, 2025, witnessed an unprecedented escalation in cybersecurity threats with multiple critical zero-day vulnerabilities under active exploitation, sophisticated state-sponsored attacks, and a major international law enforcement operation against Russian cybercriminals. The period was characterized by maximum-severity vulnerabilities achieving immediate weaponization, advanced persistent threat campaigns deploying next-generation malware, and coordinated international cybercrime…

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches July 14-21, 2025

The week of July 14-21, 2025, marked an unprecedented surge in critical cybersecurity incidents, characterized by multiple zero-day exploitations, state-sponsored campaigns, and a significant data breach affecting millions of individuals. The security landscape witnessed five critical-severity incidents, including active exploitation of Microsoft SharePoint servers, CrushFTP file transfer systems, and Citrix NetScaler appliances. Concurrently, Chinese APT…

Radiology Associates of Richmond Data Breach: Protecting Healthcare Data

Overview: On July 18, 2025, Radiology Associates of Richmond disclosed a data breach exposing protected health and personal information of patients. The breach, reported by SecurityWeek, involved unauthorized access to systems, likely via phishing or exploited vulnerabilities.

Explanation: Attackers gained access through social engineering (e.g., phishing) or exploited vulnerabilities in public-facing systems, exfiltrating sensitive data.…