Skip to content

Red Teaming

DaVita Ransomware Data Breach: 2.7 Million Patients Affected in Healthcare Sector Attack

On March 24, 2025, DaVita, a large provider of kidney care, reported what seems to have been a significant ransomware attack. Some of the specifics remain unclear, and timelines could shift as more forensic evidence is gathered. Public disclosures so far suggest that nearly 2.7 million patient records may have been exposed. The case highlights… Read More »DaVita Ransomware Data Breach: 2.7 Million Patients Affected in Healthcare Sector Attack

Weekly Report: New Hacking Techniques and Critical CVEs 11 Aug – 18 Aug, 2025

The week of August 11-18, 2025 witnessed an unprecedented surge in critical cybersecurity incidents, with multiple zero-day vulnerabilities actively exploited by both nation-state actors and cybercriminal groups. This period marked one of the most volatile weeks in enterprise security, featuring critical vulnerabilities across major security platforms, unprecedented collaboration between notorious threat groups, and significant disruption… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 11 Aug – 18 Aug, 2025

Weekly Report: New Hacking Techniques and Critical CVEs 4 Aug – 11 Aug, 2025

The cybersecurity landscape during August 4-11, 2025, witnessed a surge in critical zero-day exploitations, sophisticated ransomware campaigns, and nation-state attacks targeting critical infrastructure. Four major zero-day vulnerabilities were actively exploited in the wild, with threat actors demonstrating unprecedented speed in weaponizing newly disclosed flaws. The week’s most significant incidents included active exploitation of Citrix NetScaler… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 4 Aug – 11 Aug, 2025

Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025

From 28 July to 4 August 2025, threat actors leveraged novel AI-assisted malware, zero-day chains against on-prem SharePoint, critical command-injection in CI/CD pipelines, and advanced social-engineering playbooks. Fourteen CVEs reached Critical severity, including two actively exploited zero-days. Dark-web chatter intensified around Medusa and BlackSuit takedown fallout, with ransomware affiliates trading victim data and custom tooling… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025

CVE-2025-43712: JHipster Platform Privilege Escalation Vulnerability Discovered by FireCompass Research, Added to NIST

Product Name: JHipster Platform Vulnerability: Privilege Escalation via Response Manipulation Vulnerable Versions: Up to 8.9.0 CVE: CVE-2025-43712 Discovered by: Hritik Godara, FireCompass Research Team Researchers from the FireCompass Security Team discovered a privilege escalation vulnerability in the JHipster Platform (up to v8.9.0). The issue was identified in how the application processes authentication responses—specifically, improper server-side validation of user roles… Read More »CVE-2025-43712: JHipster Platform Privilege Escalation Vulnerability Discovered by FireCompass Research, Added to NIST

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.