Skip to content

Continuous Automated Red Teaming (CART)

Weekly Report: New Hacking Techniques and Critical CVEs 23 Sep – 29 Sep, 2025

The week of September 22-30, 2025 witnessed a critical escalation in cyber threats, highlighted by the active exploitation of two Cisco ASA firewall zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) by sophisticated state-sponsored actors. The U.S. Cybersecurity and Infrastructure Security Agency issued Emergency Directive ED 25-03, ordering federal agencies to immediately identify and mitigate potential compromises of… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 23 Sep – 29 Sep, 2025

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 23 Sep – 29 Sep, 2025

The final week of September 2025 saw critical cybersecurity incidents impacting global aviation, automotive, retail, and manufacturing sectors. Key events include a crippling ransomware attack on Collins Aerospace that disrupted European airports, a major data breach at Stellantis exposing 18 million customer records via a compromised Salesforce platform, and a system-wide outage at Japan’s Asahi… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 23 Sep – 29 Sep, 2025

Harrods third-party supplier breach

Date of Incident: 2024 Overview: In 2024, Harrods experienced a data breach due to a third-party supplier vulnerability, affecting 430,000 customer records with names, contact details, and marketing information exposed. The breach, which became public in September 2025, did not compromise passwords, payment details, or order histories. Attackers used exploitation techniques like SQL Injection to… Read More »Harrods third-party supplier breach

Stellantis Salesforce Data Breach

Date of Incident: 2025-05 Overview: In May 2025, Stellantis experienced a data breach involving unauthorized access to a third-party Salesforce platform used for customer service operations in North America. Attackers stole over 18 million records containing customer contact information, including names and contact details. No financial or sensitive personal information was compromised. The breach was… Read More »Stellantis Salesforce Data Breach

CVE-2025-53770 (“ToolShell”): Critical SharePoint RCE Exploited in the Wild

A Critical Remote Code Execution (RCE) vulnerability—CVE-2025-53770 (“ToolShell”)— is actively being exploited in the wild, targeting the on-premises SharePoint Servers. In this blog, we break down the technical details, real-world attack flow, and actionable mitigations. What Is CVE-2025–53770? CVE-2025-53770 is a critical vulnerability with CVSS score of 9.8. It is an unauthenticated RCE vulnerability affecting… Read More »CVE-2025-53770 (“ToolShell”): Critical SharePoint RCE Exploited in the Wild

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.