Skip to content

CVE

Weekly Report: New Hacking Techniques and Critical CVEs 26 Aug – 01 Sep, 2025

The final week of August 2025 witnessed a convergence of sophisticated supply chain attacks, critical infrastructure targeting, and state-sponsored campaigns that collectively demonstrated the accelerating sophistication and impact of modern cyber threats. The most significant developments include the first-ever AI-assisted supply chain attack through the Nx build platform compromise, the widespread Salesloft Drift OAuth token… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 26 Aug – 01 Sep, 2025

Weekly Report: New Hacking Techniques and Critical CVEs 11 Aug – 18 Aug, 2025

The week of August 11-18, 2025 witnessed an unprecedented surge in critical cybersecurity incidents, with multiple zero-day vulnerabilities actively exploited by both nation-state actors and cybercriminal groups. This period marked one of the most volatile weeks in enterprise security, featuring critical vulnerabilities across major security platforms, unprecedented collaboration between notorious threat groups, and significant disruption… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 11 Aug – 18 Aug, 2025

Weekly Report: New Hacking Techniques and Critical CVEs 4 Aug – 11 Aug, 2025

The cybersecurity landscape during August 4-11, 2025, witnessed a surge in critical zero-day exploitations, sophisticated ransomware campaigns, and nation-state attacks targeting critical infrastructure. Four major zero-day vulnerabilities were actively exploited in the wild, with threat actors demonstrating unprecedented speed in weaponizing newly disclosed flaws. The week’s most significant incidents included active exploitation of Citrix NetScaler… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 4 Aug – 11 Aug, 2025

Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025

From 28 July to 4 August 2025, threat actors leveraged novel AI-assisted malware, zero-day chains against on-prem SharePoint, critical command-injection in CI/CD pipelines, and advanced social-engineering playbooks. Fourteen CVEs reached Critical severity, including two actively exploited zero-days. Dark-web chatter intensified around Medusa and BlackSuit takedown fallout, with ransomware affiliates trading victim data and custom tooling… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025

CVE-2025-43712: JHipster Platform Privilege Escalation Vulnerability Discovered by FireCompass Research, Added to NIST

Product Name: JHipster Platform Vulnerability: Privilege Escalation via Response Manipulation Vulnerable Versions: Up to 8.9.0 CVE: CVE-2025-43712 Discovered by: Hritik Godara, FireCompass Research Team Researchers from the FireCompass Security Team discovered a privilege escalation vulnerability in the JHipster Platform (up to v8.9.0). The issue was identified in how the application processes authentication responses—specifically, improper server-side validation of user roles… Read More »CVE-2025-43712: JHipster Platform Privilege Escalation Vulnerability Discovered by FireCompass Research, Added to NIST

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.