Date of Incident: September 20, 2025 Overview: In September 2025, Discord experienced a significant data breach involving their Zendesk support system, affecting 5.5 million users. Attackers exploited weaknesses in Zendesk’s access controls, leading to the theft of 1.6 terabytes of data. This included sensitive information such as government IDs, partial payment information, emails, and phone… Read More »Discord Zendesk Support System Data Breach
A Critical Remote Code Execution (RCE) vulnerability—CVE-2025-53770 (“ToolShell”)— is actively being exploited in the wild, targeting the on-premises SharePoint Servers. In this blog, we break down the technical details, real-world attack flow, and actionable mitigations. What Is CVE-2025–53770? CVE-2025-53770 is a critical vulnerability with CVSS score of 9.8. It is an unauthenticated RCE vulnerability affecting… Read More »CVE-2025-53770 (“ToolShell”): Critical SharePoint RCE Exploited in the Wild
The cybersecurity landscape during September 3-9, 2025, was dominated by several critical developments that demand immediate attention from security leaders. Most notably, a massive npm supply chain attack compromised over 18 widely-used JavaScript packages with billions of weekly downloads, while two actively exploited Android zero-day vulnerabilities (CVE-2025-38352 and CVE-2025-48543) underscored the persistent threat of mobile… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 03 Sep – 09 Sep, 2025
The week of August 19–25, 2025, witnessed a surge in high-severity exploits and advanced persistent threat campaigns targeting critical enterprise infrastructure. Notable developments include the active exploitation of CVE-2025-8088 in WinRAR, deployment of DripDropper malware via Apache ActiveMQ vulnerabilities, and the global Warlock ransomware campaign leveraging SharePoint vulnerabilities. Concurrently, Arch Linux endured an ongoing DDoS… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 19 Aug – 25 Aug, 2025
The week of August 11-18, 2025 witnessed an unprecedented surge in critical cybersecurity incidents, with multiple zero-day vulnerabilities actively exploited by both nation-state actors and cybercriminal groups. This period marked one of the most volatile weeks in enterprise security, featuring critical vulnerabilities across major security platforms, unprecedented collaboration between notorious threat groups, and significant disruption… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 11 Aug – 18 Aug, 2025