Attack Surface Management (ASM)

Weekly Report: New Hacking Techniques and Critical CVEs 26 Dec – 31 Dec 2025

The final week of 2025 (December 26-31) featured NVD publication of multiple critical CVEs including root RCE in Xspeeder SXZOS (CVE-2025-54322) and high-severity deserialization flaws, alongside reports of MongoBleed memory leaks in MongoDB and sustained scans on legacy FortiOS/Adobe ColdFusion vulnerabilities. Dark web forums pushed unrestricted AI tools like DIG AI for malware generation and…

Weekly Report: New Hacking Techniques and Critical CVEs 10 Dec – 17 Dec 2025

The week of December 10-17, 2025 witnessed unprecedented velocity in critical vulnerability exploitation and nation-state targeting of global infrastructure. Five CVSS 10.0/9.8-rated vulnerabilities entered active exploitation phases within 72 hours of disclosure, impacting 644,000+ domains and requiring emergency government directives. Simultaneously, APT36 demonstrated Linux-specific espionage capabilities against Indian government infrastructure, ToddyCat expanded email harvesting operations,…

AI and the Future of Offensive Security: Insights from Bruce Schneier and Bikash Barai

In a recent Fireside Chat, Bruce Schneier, renowned cryptographer, Harvard professor, and one of the most influential voices in cybersecurity, joined Bikash Barai, Founder & CEO of FireCompass, to discuss how AI is fundamentally reshaping pentesting, red teaming, and the future of cyber defense. Watch the Full Fireside Chat Recording Gain first-hand insights from Bruce…

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

From December 2-10, 2025, disclosures around an Oracle E‑Business Suite campaign, a large third‑party fintech breach, and several sector‑specific data exposures highlighted how platform and vendor compromises are driving multi‑organization risk. University of Phoenix confirmed a significant Oracle EBS breach tied to CVE‑2025‑61882, Marquis Software’s ransomware breach impacted over 74 U.S. banks and credit unions,…

React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js- A Log4Shell‑Style Wake‑Up Call

On 3rd December 2025, a critical remote code execution vulnerability was disclosed in the React Server Components (RSC) ecosystem, widely known as React2Shell and tracked as CVE‑2025‑55182 (React) and CVE‑2025‑66478 (Next.js, later merged into the main CVE). The flaw allows unauthenticated remote code execution (pre‑auth RCE) on servers using React Server Components and frameworks like…