breach_cve_trends

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 28 July – 4 Aug, 2025

August 5, 2025August 5, 2025

During the week of 28 July – 4 August 2025, eight major cybersecurity incidents were disclosed across leading industry outlets. Adversaries leveraged zero-day exploits, social engineering, supply-chain compromises, misconfigurations, and phishing campaigns to exfiltrate sensitive data, deploy ransomware, and abuse infrastructure. Impacts ranged from private-message exposure to operational disruption of critical infrastructure. >>Outpace Attackers With… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 28 July – 4 Aug, 2025

CVE-2025-43712: JHipster Platform Privilege Escalation Vulnerability Discovered by FireCompass Research, Added to NIST

July 31, 2025July 31, 2025

Product Name: JHipster Platform Vulnerability: Privilege Escalation via Response Manipulation Vulnerable Versions: Up to 8.9.0 CVE: CVE-2025-43712 Discovered by: Hritik Godara, FireCompass Research Team Researchers from the FireCompass Security Team discovered a privilege escalation vulnerability in the JHipster Platform (up to v8.9.0). The issue was identified in how the application processes authentication responses—specifically, improper server-side validation of user roles… Read More »CVE-2025-43712: JHipster Platform Privilege Escalation Vulnerability Discovered by FireCompass Research, Added to NIST

CVE-2025-20281 (Cisco ISE)

July 29, 2025July 30, 2025

Description: Injection vulnerability in Cisco ISE API enabling unauthenticated RCE. Technical Details: CVSS Score: 10.0 (Critical) Exploit: Attackers submit crafted POST requests to /admin/XXX endpoints with malicious JSON payloads ({“command”:”exec”}), exploiting insufficient input validation to execute code with root privileges. Bobby Gould’s PoC showed unsafe deserialization in JSON inputs, enabling RCE from Chinese IPs (e.g.,… Read More »CVE-2025-20281 (Cisco ISE)

CoinDCX Cryptocurrency Exchange Breach

July 29, 2025July 30, 2025

Overview: Indian crypto exchange CoinDCX was breached, with attackers stealing wallet credentials and transaction data, causing $1.2M in losses. Technical Details: Attack Vector: Exploited CVE-2025-20281 (Cisco ISE injection vulnerability, CVSS 10.0) in a third-party payment gateway’s API endpoint (/admin/XXX) integrated with CoinDCX. Exploitation: Attackers sent crafted POST requests (Content-Type: application/json) with malicious SQL payloads (‘… Read More »CoinDCX Cryptocurrency Exchange Breach

CVE-2025-2776 (SysAid On-Prem)

July 29, 2025July 30, 2025

Description: Vulnerability enabling administrator takeover via XML-based exploits. Technical Details: CVSS Score: 9.2 (Critical) Exploit: Attackers exploit weak XML validation to inject payloads that modify role_id fields (<user><role_id>admin</role_id></user>), escalating to admin privileges. The attack targets /api/v1/admin endpoints, chaining with CVE-2025-2775 for initial data access. Persistence is achieved via modified user accounts with SSH keys added… Read More »CVE-2025-2776 (SysAid On-Prem)

breach_cve_trends

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 28 July – 4 Aug, 2025

CVE-2025-43712: JHipster Platform Privilege Escalation Vulnerability Discovered by FireCompass Research, Added to NIST

CVE-2025-20281 (Cisco ISE)

CoinDCX Cryptocurrency Exchange Breach

CVE-2025-2776 (SysAid On-Prem)

Use Cases

Technology

About

Partner

Resources