Skip to content

External Attack Surface Management

Weekly Report: New Hacking Techniques and Critical CVEs 2 Dec – 10 Dec 2025

Between 2-10 December 2025, three developments stand out for enterprise defenders: Shai-Hulud 2.0 npm worm: A rapidly evolving supply chain threat abusing npm and GitHub Actions to build a self-propagating CI/CD worm, with active reporting and defensive guidance released during this week. The underlying campaign began in September but continued and evolved into December, especially… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 2 Dec – 10 Dec 2025

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

From December 2-10, 2025, disclosures around an Oracle E‑Business Suite campaign, a large third‑party fintech breach, and several sector‑specific data exposures highlighted how platform and vendor compromises are driving multi‑organization risk. University of Phoenix confirmed a significant Oracle EBS breach tied to CVE‑2025‑61882, Marquis Software’s ransomware breach impacted over 74 U.S. banks and credit unions,… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

Freedom Mobile Data Breach

Date of Incident: October 23, 2023 Overview: The Freedom Mobile Data Breach occurred on October 23, 2023, impacting the telecommunications sector. Unauthorized access led to the theft of personal information, including names, addresses, dates of birth, phone numbers, and account numbers of a limited number of customers. While there is no evidence of data misuse… Read More »Freedom Mobile Data Breach

Leroy Merlin data breach

Date of Incident: 2023 Overview: In 2023, Leroy Merlin, a company in the retail sector, experienced a data breach resulting in the exposure of customers’ personal information, including full names, phone numbers, email addresses, postal addresses, birth dates, and loyalty program details. There was no evidence of banking data or passwords being compromised, and no… Read More »Leroy Merlin data breach

Marquis Data Breach

Date of Incident: August 2025 Overview: The Marquis data breach, reported in December 2025, affected the finance sector, impacting over 400,000 customers across 74 U.S. banks and credit unions. Personal information, including Social Security numbers and financial account details, was exposed. Despite no evidence of data misuse, Marquis paid a ransom to prevent further data… Read More »Marquis Data Breach

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.