Skip to content

External Attack Surface Management

ShinyHunters Salesforce Data Leak

Date of Incident: 2025-10-01 Overview: The ShinyHunters Salesforce Data Leak, reported on October 3, 2025, involves unauthorized access to Salesforce cloud instances due to exploited API vulnerabilities and possibly misconfigured permissions. Approximately 1 billion records from 39 companies were potentially impacted, with personal information stolen and samples leaked alongside ransom demands. The breach demonstrated automated… Read More »ShinyHunters Salesforce Data Leak

Red Hat Data Breach

Date of Incident: April 2024 Overview: The Red Hat data breach, reported in October 2025, occurred in April 2024 and involved unauthorized access to around 570GB of compressed data from 28,000 internal development repositories. The breach affected the software sector, compromising sensitive Customer Engagement Reports (CERs) that contained critical information about networks and infrastructure of… Read More »Red Hat Data Breach

Harrods third-party supplier breach

Date of Incident: 2024 Overview: In 2024, Harrods experienced a data breach due to a third-party supplier vulnerability, affecting 430,000 customer records with names, contact details, and marketing information exposed. The breach, which became public in September 2025, did not compromise passwords, payment details, or order histories. Attackers used exploitation techniques like SQL Injection to… Read More »Harrods third-party supplier breach

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 28 July – 4 Aug, 2025

During the week of 28 July – 4 August 2025, eight major cybersecurity incidents were disclosed across leading industry outlets. Adversaries leveraged zero-day exploits, social engineering, supply-chain compromises, misconfigurations, and phishing campaigns to exfiltrate sensitive data, deploy ransomware, and abuse infrastructure. Impacts ranged from private-message exposure to operational disruption of critical infrastructure. >>Outpace Attackers With… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 28 July – 4 Aug, 2025

CoinDCX Cryptocurrency Exchange Breach

Overview: Indian crypto exchange CoinDCX was breached, with attackers stealing wallet credentials and transaction data, causing $1.2M in losses. Technical Details: Attack Vector: Exploited CVE-2025-20281 (Cisco ISE injection vulnerability, CVSS 10.0) in a third-party payment gateway’s API endpoint (/admin/XXX) integrated with CoinDCX. Exploitation: Attackers sent crafted POST requests (Content-Type: application/json) with malicious SQL payloads (‘… Read More »CoinDCX Cryptocurrency Exchange Breach

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.