When someone tells you they do continuous offensive security testing or COST, ask two questions. Q1: Can it prove the exploit with reproduction steps and a PoC, or does it just flag a maybe? Q2: Can it run autonomously without you losing control of what it touches? A new label is showing up across the… Read More »The Future of Pen Testing Is Continuous Offensive Security Testing (COST).
For the last few years, autonomous penetration testing has been defined by proof of possibility that machines can plan and execute attacks without human operators. That question has been answered. The real question today is far more important: Can autonomous penetration testing operate credibly inside real enterprise environments continuously, safely, and at scale? At FireCompass,… Read More »Autonomous Penetration Testing Is Growing Up
Date of Incident: August 9-14, 2025 Overview: Cox Enterprises recently suffered a breach of its Oracle E-Business Suite, exploited by the Cl0p ransomware group through a zero-day vulnerability. Occurring between August 9-14, 2025, this attack exposed the personal data of 9,479 individuals. The Cl0p group utilized this vulnerability to inject ransomware, encrypting files and publishing… Read More »Cox Enterprises Oracle E-Business Suite Zero-Day Breach
In another blow to consumer data privacy, European retail giant Auchan has confirmed a data breach that impacted several hundred thousand of its customers. The breach specifically targeted customer loyalty accounts and resulted in the unauthorized exposure of sensitive personal information. >>Outpace Attackers With AI-Based Automated Penetration Testing What Was Exposed? Auchan’s loyalty program, a… Read More »Auchan Data Breach: Loyalty Program Compromise Exposes Customer Information
From 28 July to 4 August 2025, threat actors leveraged novel AI-assisted malware, zero-day chains against on-prem SharePoint, critical command-injection in CI/CD pipelines, and advanced social-engineering playbooks. Fourteen CVEs reached Critical severity, including two actively exploited zero-days. Dark-web chatter intensified around Medusa and BlackSuit takedown fallout, with ransomware affiliates trading victim data and custom tooling… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025