Attack Surface Management (ASM)

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

December 11, 2025December 11, 2025

From December 2-10, 2025, disclosures around an Oracle E‑Business Suite campaign, a large third‑party fintech breach, and several sector‑specific data exposures highlighted how platform and vendor compromises are driving multi‑organization risk. University of Phoenix confirmed a significant Oracle EBS breach tied to CVE‑2025‑61882, Marquis Software’s ransomware breach impacted over 74 U.S. banks and credit unions,… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js – A Log4Shell‑Style Wake‑Up Call

December 10, 2025December 10, 2025

On 3rd December 2025, a critical remote code execution vulnerability was disclosed in the React Server Components (RSC) ecosystem, widely known as React2Shell and tracked as CVE‑2025‑55182 (React) and CVE‑2025‑66478 (Next.js, later merged into the main CVE). The flaw allows unauthenticated remote code execution (pre‑auth RCE) on servers using React Server Components and frameworks like… Read More »React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js – A Log4Shell‑Style Wake‑Up Call

Leroy Merlin data breach

December 4, 2025December 4, 2025

Date of Incident: 2023 Overview: In 2023, Leroy Merlin, a company in the retail sector, experienced a data breach resulting in the exposure of customers’ personal information, including full names, phone numbers, email addresses, postal addresses, birth dates, and loyalty program details. There was no evidence of banking data or passwords being compromised, and no… Read More »Leroy Merlin data breach

University of Pennsylvania Oracle E-Business Suite Breach

December 4, 2025December 4, 2025

Date of Incident: August 2025 Overview: In August 2025, the University of Pennsylvania experienced a data breach targeting its Oracle E-Business Suite, attributed to the Clop ransomware group. Attackers exploited a zero-day vulnerability, compromising personal information of 1,488 individuals, with a potential for more. The breach utilized advanced tactics such as SQL injection and remote… Read More »University of Pennsylvania Oracle E-Business Suite Breach

Coupang Data Breach

December 2, 2025

Date of Incident: June 24, 2025 Overview: The Coupang Data Breach, reported on December 1, 2025, impacting the retail sector, involved unauthorized access to Coupang’s customer database on June 24, 2025. This breach exposed personal information, including full names, phone numbers, email addresses, physical addresses, and order details of 33.7 million customers. Notably, payment information… Read More »Coupang Data Breach

Attack Surface Management (ASM)

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js – A Log4Shell‑Style Wake‑Up Call

Leroy Merlin data breach

University of Pennsylvania Oracle E-Business Suite Breach

Coupang Data Breach

Use Cases

Technology

About

Partner

Resources