Skip to content

Continuous Automated Red Teaming (CART)

React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js- A Log4Shell‑Style Wake‑Up Call

On 3rd December 2025, a critical remote code execution vulnerability was disclosed in the React Server Components (RSC) ecosystem, widely known as React2Shell and tracked as CVE‑2025‑55182 (React) and CVE‑2025‑66478 (Next.js, later merged into the main CVE). The flaw allows unauthenticated remote code execution (pre‑auth RCE) on servers using React Server Components and frameworks like… Read More »React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js- A Log4Shell‑Style Wake‑Up Call

Inotiv Ransomware Attack

Date of Incident: August 2025 Overview: In August 2025, Inotiv, a healthcare services company, suffered a ransomware attack that disrupted business operations and compromised the personal information of 9,542 individuals. The cyberattack involved exploiting vulnerable remote access services and phishing techniques, encrypting 162,000 files totaling 176 GB. The attack aligned with MITRE ATT&CK techniques, featuring… Read More »Inotiv Ransomware Attack

Marquis Data Breach

Date of Incident: August 2025 Overview: The Marquis data breach, reported in December 2025, affected the finance sector, impacting over 400,000 customers across 74 U.S. banks and credit unions. Personal information, including Social Security numbers and financial account details, was exposed. Despite no evidence of data misuse, Marquis paid a ransom to prevent further data… Read More »Marquis Data Breach

University of Pennsylvania Oracle E-Business Suite Breach

Date of Incident: August 2025 Overview: In August 2025, the University of Pennsylvania experienced a data breach targeting its Oracle E-Business Suite, attributed to the Clop ransomware group. Attackers exploited a zero-day vulnerability, compromising personal information of 1,488 individuals, with a potential for more. The breach utilized advanced tactics such as SQL injection and remote… Read More »University of Pennsylvania Oracle E-Business Suite Breach

Coupang Data Breach

Date of Incident: June 24, 2025 Overview: The Coupang Data Breach, reported on December 1, 2025, impacting the retail sector, involved unauthorized access to Coupang’s customer database on June 24, 2025. This breach exposed personal information, including full names, phone numbers, email addresses, physical addresses, and order details of 33.7 million customers. Notably, payment information… Read More »Coupang Data Breach

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.