RCE

Weekly Report: New Hacking Techniques and Critical CVEs 19 Aug – 25 Aug, 2025

The week of August 19–25, 2025, witnessed a surge in high-severity exploits and advanced persistent threat campaigns targeting critical enterprise infrastructure. Notable developments include the active exploitation of CVE-2025-8088 in WinRAR, deployment of DripDropper malware via Apache ActiveMQ vulnerabilities, and the global Warlock ransomware campaign leveraging SharePoint vulnerabilities. Concurrently, Arch Linux endured an ongoing DDoS…

Weekly Report: New Hacking Techniques and Critical CVEs 11 Aug – 18 Aug, 2025

The week of August 11-18, 2025 witnessed an unprecedented surge in critical cybersecurity incidents, with multiple zero-day vulnerabilities actively exploited by both nation-state actors and cybercriminal groups. This period marked one of the most volatile weeks in enterprise security, featuring critical vulnerabilities across major security platforms, unprecedented collaboration between notorious threat groups, and significant disruption…

CVE-2025-20281 (Cisco ISE)

Description: Injection vulnerability in Cisco ISE API enabling unauthenticated RCE. Technical Details: CVSS Score: 10.0 (Critical) Exploit: Attackers submit crafted POST requests to /admin/XXX endpoints with malicious JSON payloads ({"command":"exec"}), exploiting insufficient input validation to execute code with root privileges. Bobby Gould’s PoC showed unsafe deserialization in JSON inputs, enabling RCE from Chinese IPs (e.g.,…

CoinDCX Cryptocurrency Exchange Breach

Overview: Indian crypto exchange CoinDCX was breached, with attackers stealing wallet credentials and transaction data, causing $1.2M in losses. Technical Details: Attack Vector: Exploited CVE-2025-20281 (Cisco ISE injection vulnerability, CVSS 10.0) in a third-party payment gateway’s API endpoint (/admin/XXX) integrated with CoinDCX. Exploitation: Attackers sent crafted POST requests (Content-Type: application/json) with malicious SQL payloads (‘…

CVE-2025-53770 (Microsoft SharePoint)

Description: Deserialization vulnerability enabling unauthenticated RCE via the /_layouts/15/ToolPane.aspx endpoint. Technical Details: CVSS Score: 9.8 (Critical) Exploit: Attackers craft malicious ASPX payloads (spinstall0.aspx) to exploit unsafe deserialization, extracting ValidationKey and DecryptionKey from __VIEWSTATE. Spoofed Referer headers (/layouts/SignOut.aspx) bypass authentication. The exploit chains with CVE-2025-49704 (spoofing, CVSS 8.8) and CVE-2025-49706 (RCE bypass), deploying .dll payloads (SHA256:…