FireCompass

Weekly Report: New Hacking Techniques and Critical CVEs 10 Feb – 16 Feb 2026

Priyanka Aash — Tue, 17 Feb 2026 07:19:23 +0000

Critical vulnerabilities dominated with Microsoft Patch Tuesday addressing 6 zero-days (CVE-2026-21510, CVE-2026-21513, CVE-2026-21514, CVE-2026-21519, CVE-2026-21533) exploited in Windows Shell and Office. ZLAN ICS devices face complete takeover via CVE-2026-XXXX series. Warlock ransomware exploited CVE-2026-23760 in SmarterMail. TeamPCP worm compromised 60K cloud servers. North Korea’s UNC1069 deployed AI deepfakes against crypto firms. FileZen command injection (CVE-2026-25108)… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 10 Feb – 16 Feb 2026

The post Weekly Report: New Hacking Techniques and Critical CVEs 10 Feb – 16 Feb 2026 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 10 Feb – 16 Feb 2026

Priyanka Aash — Tue, 17 Feb 2026 06:46:43 +0000

The week of February 10-16, 2026 marked a dangerous acceleration in attacker timelines and technique sophistication. BeyondTrust confirmed active in-the-wild exploitation of CVE-2026-1731 (CVSS 9.9) just 7 days after patch release. Warlock ransomware operators executed a textbook 6-7 day dwell time strategy against SmarterTools before encryption. North Korea’s UNC1069 escalated social engineering with AI-generated deepfake… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 10 Feb – 16 Feb 2026

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 10 Feb – 16 Feb 2026 appeared first on FireCompass.

Louis Vuitton Data Breach

Priyanka Aash — Tue, 17 Feb 2026 05:14:08 +0000

Date of Incident: 2024 Overview: In 2024, Louis Vuitton suffered a data breach affecting 3.6 million customers. Personal information, including names, contact details, and purchase histories, was compromised due to a sophisticated malware infection on an employee’s device that infiltrated their internal SaaS system. The breach involved unauthorized access via command and scripting techniques and… Read More »Louis Vuitton Data Breach

The post Louis Vuitton Data Breach appeared first on FireCompass.

Odido data breach

Priyanka Aash — Fri, 13 Feb 2026 06:59:47 +0000

Date of Incident: Weekend of February 7, 2024 Overview: The Odido data breach occurred over the weekend of February 7, 2024, impacting the telecommunications sector. The breach resulted in unauthorized access to the personal data of 6.2 million customers, exposing details such as full names, addresses, mobile numbers, customer numbers, email addresses, IBANs, dates of… Read More »Odido data breach

The post Odido data breach appeared first on FireCompass.

Conduent Data Breach (Impacting Volvo Group North America)

Priyanka Aash — Wed, 11 Feb 2026 06:04:21 +0000

Date of Incident: October 21, 2024 – January 13, 2025 Overview: The Conduent Data Breach, impacting Volvo Group North America, occurred between October 21, 2024, and January 13, 2025, and was reported on February 10, 2026. This breach exposed personal details of nearly 17,000 customers and staff, including full names, Social Security Numbers, dates of… Read More »Conduent Data Breach (Impacting Volvo Group North America)

The post Conduent Data Breach (Impacting Volvo Group North America) appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 3 Feb – 9 Feb 2026

Priyanka Aash — Wed, 11 Feb 2026 05:49:44 +0000

A surge of zero-day exploits, sophisticated AiTM phishing chains, critical infrastructure compromises, and actively exploited CVEs targeted enterprises from February 3-9, 2026—impacting network edges, cloud workflows, energy sectors, and DevOps pipelines worldwide. These incidents reveal attackers’ relentless focus on unpatched appliances, workflow automation flaws, and end-of-support hardware, creating massive operational disruptions, regulatory headaches, and national… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 3 Feb – 9 Feb 2026

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 3 Feb – 9 Feb 2026 appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 3 Feb- 9 Feb 2026

Priyanka Aash — Tue, 10 Feb 2026 06:34:46 +0000

The week of February 3–9, 2026 saw threat actors increasingly abusing trusted platforms-cloud workloads, Linux‑on‑Windows via WSL, and enterprise‑grade ITSM appliances-to execute stealthy, AI‑accelerated operations. This report highlights four critical CVEs, two new offensive techniques, one national‑level breach, and key darkweb chatter that directly impact modern attack‑surface planning. >>Outpace Attackers With AI-Based Automated Penetration Testing… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 3 Feb- 9 Feb 2026

The post Weekly Report: New Hacking Techniques and Critical CVEs 3 Feb- 9 Feb 2026 appeared first on FireCompass.

UNC3886 breach of Singapore’s four largest telcos

Priyanka Aash — Tue, 10 Feb 2026 05:50:38 +0000

Date of Incident: 2024 Overview: In 2024, the APT group UNC3886 breached Singapore’s four major telecom companies—Singtel, StarHub, M1 Limited, and TPG Telecom. The attackers accessed some critical systems but failed to cause service disruptions or access sensitive customer data. Techniques used included exploiting public-facing applications and leveraging valid accounts, with attempts at lateral movement… Read More »UNC3886 breach of Singapore’s four largest telcos

The post UNC3886 breach of Singapore’s four largest telcos appeared first on FireCompass.

European Commission Mobile Device Management Breach

Priyanka Aash — Tue, 10 Feb 2026 05:34:07 +0000

Date of Incident: 2026-01-30 Overview: The European Commission experienced a security breach in their Mobile Device Management (MDM) system on January 30, 2026, which was reported on February 9, 2026. The breach affected staff members’ personal information, including names and phone numbers, but did not compromise the mobile devices themselves. Attackers leveraged MITRE ATT&CK techniques… Read More »European Commission Mobile Device Management Breach

The post European Commission Mobile Device Management Breach appeared first on FireCompass.

The AI Shift in Offensive Security: From Manual to Autonomous Agents

Priyanka Aash — Mon, 09 Feb 2026 10:39:09 +0000

AI is fundamentally reshaping how offensive security operates. What was once a manual, checklist-driven exercise conducted once or twice a year is rapidly evolving into continuous, autonomous testing powered by intelligent agents. In this exclusive FireCompass webinar, industry leaders explored what this shift means for attackers, defenders, and security leaders navigating an increasingly hostile threat… Read More »The AI Shift in Offensive Security: From Manual to Autonomous Agents

The post The AI Shift in Offensive Security: From Manual to Autonomous Agents appeared first on FireCompass.

Flickr Data Breach

Priyanka Aash — Mon, 09 Feb 2026 09:27:30 +0000

Date of Incident: 2026-02-05 Overview: The Flickr Data Breach, reported on February 6, 2026, involved the exposure of user data including real names, email addresses, IP addresses, usernames, account types, general location, and platform activity. However, passwords and payment card details remained secure. The breach likely resulted from an exploitation of a vulnerability or compromised… Read More »Flickr Data Breach

The post Flickr Data Breach appeared first on FireCompass.

Spain’s Ministry of Science Cyberattack

Priyanka Aash — Fri, 06 Feb 2026 06:44:52 +0000

Date of Incident: 2023 Overview: In 2023, Spain’s Ministry of Science suffered a significant cyberattack, leading to the partial shutdown of its IT systems and suspension of key administrative services impacting researchers, universities, and students. The breach involved the use of custom PowerShell scripts for lateral movement and ransomware deployment, exploiting valid accounts for initial… Read More »Spain’s Ministry of Science Cyberattack

The post Spain’s Ministry of Science Cyberattack appeared first on FireCompass.

Substack Data Breach

Priyanka Aash — Fri, 06 Feb 2026 06:22:04 +0000

Date of Incident: October 2025 Overview: In October 2025, Substack experienced a data breach where unauthorized access led to the theft of 697,313 user records, involving email addresses, phone numbers, and internal metadata. Credentials and financial information remained secure, but the exposed personal data heightened the risk of phishing attacks. The breach exploited exposed APIs… Read More »Substack Data Breach

The post Substack Data Breach appeared first on FireCompass.

Betterment Data Breach

Priyanka Aash — Fri, 06 Feb 2026 06:07:17 +0000

Date of Incident: January 2024 Overview: The Betterment Data Breach, reported in February 2026, occurred in January 2024, impacting the finance sector. Hackers exploited social engineering tactics to steal personal information from 1.4 million accounts, including emails, names, and geographic data. Despite the data exposure, customer accounts, passwords, and login details remained secure. Attackers sent… Read More »Betterment Data Breach

The post Betterment Data Breach appeared first on FireCompass.

Coinbase Insider Breach December 2024

Priyanka Aash — Fri, 06 Feb 2026 05:48:11 +0000

Date of Incident: December 2024 Overview: In December 2024, Coinbase experienced an insider breach where a contractor improperly accessed sensitive customer data belonging to about 30 users. The breach involved unauthorized use of support tools to obtain personal information, including email addresses, names, dates of birth, phone numbers, KYC details, and cryptocurrency wallet data. The… Read More »Coinbase Insider Breach December 2024

The post Coinbase Insider Breach December 2024 appeared first on FireCompass.

Press Release: FireCompass Launches AI Agents for Autonomous Web and API Penetration Testing With Freemium Access

Priyanka Aash — Thu, 05 Feb 2026 15:41:55 +0000

Start in minutes and validate exploitable paths across web apps, APIs, and external infrastructure. BOSTON, MA, UNITED STATES, February 5, 2026 – FireCompass today announced the launch of Explorer, a credit-based freemium model designed to make proof-based web and API penetration testing easy to start, evaluate, and expand. The new “FireCompass Explorer” experience gives security teams immediate,… Read More »Press Release: FireCompass Launches AI Agents for Autonomous Web and API Penetration Testing With Freemium Access

The post Press Release: FireCompass Launches AI Agents for Autonomous Web and API Penetration Testing With Freemium Access appeared first on FireCompass.

AI in Offensive Security: Redefining Pen Testing and Red Teaming

Priyanka Aash — Wed, 04 Feb 2026 08:27:09 +0000

AI in Offensive Security: Redefining Pen Testing and Red Teaming In a landmark keynote at Hacker Halted 2025 in Atlanta, US, Bikash Barai, Founder & CEO of FireCompass, shared his insights on how AI and automation are fundamentally transforming offensive security, penetration testing, and red teaming. The session highlighted the rapidly evolving cyber landscape, demonstrating… Read More »AI in Offensive Security: Redefining Pen Testing and Red Teaming

The post AI in Offensive Security: Redefining Pen Testing and Red Teaming appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 27 Jan- 2 Feb 2026

Priyanka Aash — Wed, 04 Feb 2026 07:00:13 +0000

This week witnessed a critical surge in zero-day exploitation, mass-scale data breaches, and advanced persistence techniques targeting enterprise infrastructure across multiple verticals. Five confirmed critical vulnerabilities entered active exploitation phase, with 13 KEV (Known Exploited Vulnerability) additions recorded by CISA. The threat landscape reflects a strategic shift from encryption-based ransomware toward data exfiltration and extortion… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 27 Jan- 2 Feb 2026

The post Weekly Report: New Hacking Techniques and Critical CVEs 27 Jan- 2 Feb 2026 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 27 Jan – 2 Feb 2026

Priyanka Aash — Wed, 04 Feb 2026 06:16:00 +0000

This week saw three critical attack vectors converge: network perimeter takeover via Fortinet CVE-2026-24858, state-sponsored Office zero-day exploitation by APT28, and antivirus supply chain compromise through eScan’s update infrastructure. Attackers demonstrated unprecedented speed—weaponizing fresh vulnerabilities within 72 hours and leveraging trusted security software distribution channels for malware delivery. Key Metrics: 3 critical vulnerabilities actively exploited… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 27 Jan – 2 Feb 2026

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 27 Jan – 2 Feb 2026 appeared first on FireCompass.

Iron Mountain Data Breach

Priyanka Aash — Wed, 04 Feb 2026 05:37:30 +0000

Date of Incident: 2025 Overview: The Iron Mountain Data Breach occurred in 2025 and was reported on February 3, 2026. It involved unauthorized access to marketing materials due to compromised credentials. The breach was limited to a single folder, with no customer confidential data, sensitive information, ransomware, or malware involved. The MITRE ATT&CK framework identified… Read More »Iron Mountain Data Breach

The post Iron Mountain Data Breach appeared first on FireCompass.

Panera Bread Data Breach

Priyanka Aash — Tue, 03 Feb 2026 06:13:52 +0000

Date of Incident: January 2026 Overview: In January 2026, Panera Bread experienced a data breach that exposed 5.1 million unique email addresses and associated personal information such as names, phone numbers, and physical addresses, along with the personal data of over 26,000 employees. The breach occurred due to a vulnerability in Panera Bread’s customer database,… Read More »Panera Bread Data Breach

The post Panera Bread Data Breach appeared first on FireCompass.

NationStates data breach

Priyanka Aash — Tue, 03 Feb 2026 05:34:53 +0000

Date of Incident: January 27, 2026 Overview: The NationStates data breach, reported on February 2, 2026, involved an unauthorized remote code execution on the company’s production server on January 27, 2026. Attackers accessed and copied user data, including email addresses, MD5 hashed passwords, IP addresses, UserAgent strings, and potential private messages. The website was taken… Read More »NationStates data breach

The post NationStates data breach appeared first on FireCompass.

SonicWall cloud backup hack leading to Marquis ransomware attack

Priyanka Aash — Fri, 30 Jan 2026 07:43:08 +0000

Date of Incident: August 2025 Overview: In August 2025, a breach involving SonicWall’s cloud backup led to a ransomware attack on Marquis Software Systems, significantly impacting numerous US banks and credit unions. The attack exploited vulnerabilities in SonicWall’s firewall management system. Threat actors gained unauthorized access, stole firewall configuration files, and used them for lateral… Read More »SonicWall cloud backup hack leading to Marquis ransomware attack

The post SonicWall cloud backup hack leading to Marquis ransomware attack appeared first on FireCompass.

Match Group Data Breach

Priyanka Aash — Fri, 30 Jan 2026 07:27:06 +0000

Date of Incident: 2023 Overview: In 2023, Match Group experienced a data breach attributed to the ShinyHunters threat group, which leaked approximately 1.7 GB of files containing data on 10 million users from brands like Hinge, Match, and OkCupid. The breach involved unauthorized access through valid credentials, exploiting technique T1078 (Valid Accounts), but there was… Read More »Match Group Data Breach

The post Match Group Data Breach appeared first on FireCompass.

France Travail Data Breach 2024

Priyanka Aash — Fri, 30 Jan 2026 07:15:24 +0000

Date of Incident: Early 2024 Overview: The France Travail Data Breach of 2024 involved a large-scale social engineering attack that compromised the personal information of approximately 43 million individuals. Key data such as names, dates of birth, national insurance numbers, emails, home addresses, and phone numbers were stolen, though bank details and passwords remained secure.… Read More »France Travail Data Breach 2024

The post France Travail Data Breach 2024 appeared first on FireCompass.

Panel Brief | Top Breaches in Cyber Security in 2025

Priyanka Aash — Thu, 29 Jan 2026 10:13:54 +0000

Executive Summary By the end of 2025, one reality became impossible to ignore: the barrier to executing high-impact cyberattacks has collapsed. The most damaging breaches of the year were not driven by novel zero-days or exotic techniques. Instead, they reflected something more concerning-capabilities once limited to nation-state or elite criminal groups are now widely accessible.… Read More »Panel Brief | Top Breaches in Cyber Security in 2025

The post Panel Brief | Top Breaches in Cyber Security in 2025 appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 20 Jan – 26 Jan 2026

Priyanka Aash — Thu, 29 Jan 2026 06:11:12 +0000

Three actively exploited zero-days, two CVSS 10.0 flaws, and critical supply chain compromises. Threat activity spans infrastructure (Cisco, Microsoft, Fortinet), AI/DevOps platforms (n8n, Chainlit, Zoom), and legacy systems. Dominant pattern: improper input validation enabling unauthenticated infrastructure takeover. Key Metrics: 3 zero-days exploited | 2 CVSS 10.0 flaws | 509 GB (ASRock Rack) + 861 GB… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 20 Jan – 26 Jan 2026

The post Weekly Report: New Hacking Techniques and Critical CVEs 20 Jan – 26 Jan 2026 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 20 Jan – 26 Jan 2026

Priyanka Aash — Wed, 28 Jan 2026 09:48:20 +0000

This week witnessed a confluence of critical cyber incidents spanning ransomware extortion, zero-day vulnerabilities, and state-sponsored APT campaigns targeting critical infrastructure and Fortune 500 companies. Notable incidents include Nike’s 1.4TB WorldLeaks data leak exposing R&D and manufacturing data, McDonald’s India’s 861GB Everest ransomware exfiltration affecting millions of customer records, Fortinet’s CVE-2026-24858 critical zero-day enabling unauthorized… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 20 Jan – 26 Jan 2026

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 20 Jan – 26 Jan 2026 appeared first on FireCompass.

Nike Data Breach by World Leaks Ransomware Gang

Priyanka Aash — Wed, 28 Jan 2026 07:20:53 +0000

Date of Incident: January 2025 Overview: In January 2025, Nike fell victim to a cyberattack by the World Leaks ransomware gang, which exploited vulnerabilities in Nike’s corporate network. The breach resulted in the leak of nearly 190,000 files, revealing sensitive corporate data that could potentially compromise consumer privacy and business operations. The attackers used sophisticated… Read More »Nike Data Breach by World Leaks Ransomware Gang

The post Nike Data Breach by World Leaks Ransomware Gang appeared first on FireCompass.

SoundCloud Data Breach

Priyanka Aash — Wed, 28 Jan 2026 07:04:47 +0000

Date of Incident: December 15, 2025 Overview: In December 2025, SoundCloud experienced a data breach that compromised the personal and contact information of over 29.8 million user accounts. The breach, reported in January 2026, involved unauthorized access through weak API authentication and possibly compromised employee credentials. Attackers targeted the Broadcasting, Media & Internet sector, specifically… Read More »SoundCloud Data Breach

The post SoundCloud Data Breach appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 13 Jan- 19 Jan 2026

Priyanka Aash — Tue, 27 Jan 2026 09:18:13 +0000

The post Weekly Report: New Hacking Techniques and Critical CVEs 13 Jan- 19 Jan 2026 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 13 Jan – 19 Jan 2026

Priyanka Aash — Fri, 23 Jan 2026 07:36:21 +0000

The week of January 13-19, 2026, saw 5 critical incidents impacting enterprise infrastructure. Key threats: zero-day RCE exploitation, patch bypass attacks, AI vulnerabilities, and sophisticated malware campaigns. Critical Trends: Zero-day exploitation in production (Cisco CVE-2026-20045) Patch bypass in 48 hours (SmarterMail) AI-native vulnerabilities (Google Gemini) Ransomware backdoor adoption (PDFSIDER) Voice-based phishing with real-time MFA bypass… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 13 Jan – 19 Jan 2026

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 13 Jan – 19 Jan 2026 appeared first on FireCompass.

PcComponentes Credential Stuffing Attack

Priyanka Aash — Fri, 23 Jan 2026 05:52:47 +0000

Date of Incident: 2024-04 Overview: In a credential stuffing attack reported in January 2026 but occurring in April 2024, PcComponentes, a retail company, experienced a breach resulting in the exposure of order details, physical addresses, full names, phone numbers, IP addresses, product wishlists, and customer support messages for a small number of accounts. Attackers used… Read More »PcComponentes Credential Stuffing Attack

The post PcComponentes Credential Stuffing Attack appeared first on FireCompass.

Supreme Court Electronic Filing System Hack

Priyanka Aash — Tue, 20 Jan 2026 08:11:45 +0000

Date of Incident: August to October 2023 Overview: The Supreme Court of the United States experienced a significant security breach in its electronic filing system between August and October 2023, disclosed in January 2026. Unauthorized access allowed the attacker to leak confidential details and victim names on Instagram. The breach leveraged techniques mapped to MITRE… Read More »Supreme Court Electronic Filing System Hack

The post Supreme Court Electronic Filing System Hack appeared first on FireCompass.

Ingram Micro ransomware attack

Priyanka Aash — Tue, 20 Jan 2026 06:58:35 +0000

Date of Incident: July 2-3, 2025 Overview: In July 2025, Ingram Micro experienced a ransomware attack, resulting in a data breach impacting over 42,000 individuals. The attackers deployed ransomware through phishing and exploited vulnerabilities in public-facing applications. Critical system files were encrypted, and documents containing personal information, such as Social Security numbers and government IDs,… Read More »Ingram Micro ransomware attack

The post Ingram Micro ransomware attack appeared first on FireCompass.

CIRO Data Breach

Priyanka Aash — Mon, 19 Jan 2026 05:52:06 +0000

Date of Incident: 2023-08-11 Overview: The CIRO Data Breach, reported on January 18, 2026, affected approximately 750,000 Canadian investors by exposing sensitive personal information, including dates of birth, social insurance numbers, and investment details. Occurring on August 11, 2023, the breach involved unauthorized access to CIRO’s internal systems using credential dumping techniques and included lateral… Read More »CIRO Data Breach

The post CIRO Data Breach appeared first on FireCompass.

Grubhub Data Breach 2025

Priyanka Aash — Mon, 19 Jan 2026 05:34:38 +0000

Date of Incident: 2025 Overview: In the Grubhub Data Breach of 2025, hackers from the ShinyHunters group accessed Grubhub’s systems, targeting older Salesforce and newer Zendesk data. The breach, discovered and reported in early 2026, left financial information and order history untouched. Attackers utilized MITRE ATT&CK techniques T1078 (Valid Accounts) and T1566 (Phishing) to infiltrate… Read More »Grubhub Data Breach 2025

The post Grubhub Data Breach 2025 appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 7 Jan – 12 Jan 2026

Priyanka Aash — Thu, 15 Jan 2026 09:35:19 +0000

Between January 7-12, 2026, four developments stand out for enterprise defenders: n8n CVE-2026-21858 (Ni8mare): A maximum-severity (CVSS 10.0) unauthenticated remote code execution vulnerability in n8n workflow automation platform, enabling complete infrastructure takeover through content-type confusion. The vulnerability was disclosed January 7, 2026, with proof-of-concept exploit publicly available; 26,500+ internet-exposed instances remain at risk. Trust Wallet… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 7 Jan – 12 Jan 2026

The post Weekly Report: New Hacking Techniques and Critical CVEs 7 Jan – 12 Jan 2026 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 7 Jan – 12 Jan 2026

Priyanka Aash — Thu, 15 Jan 2026 07:10:41 +0000

The first full operational week of 2026 (January 7-12) shattered expectations with a cascade of maximum-severity vulnerabilities and mass-scale data exposures. The week was dominated by Cyera’s disclosure of CVE-2026-21858 (Ni8mare)-a CVSS 10.0 unauthenticated RCE in n8n workflow automation affecting ~100,000 instances globally-and the re-emergence of 17.5 million Instagram user records on dark web forums,… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 7 Jan – 12 Jan 2026

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 7 Jan – 12 Jan 2026 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 1 Jan – 6 Jan 2026

Priyanka Aash — Wed, 07 Jan 2026 07:25:19 +0000

The first week of 2026 confirmed a clear trend: attackers are shifting from noisy infrastructure takeovers to trust abuse and perception manipulation. Instead of large, unambiguous “smash-and-grab” breaches, the week was shaped by: A high‑profile but non‑production NordVPN “breach” claim, weaponizing incomplete test data exposure and social perception. An escalation in Russia‑aligned UAC‑0184 espionage using… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 1 Jan – 6 Jan 2026

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 1 Jan – 6 Jan 2026 appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 26 Dec – 31 Dec 2025

Priyanka Aash — Mon, 05 Jan 2026 07:05:12 +0000

The final week of 2025 (December 26-31) featured NVD publication of multiple critical CVEs including root RCE in Xspeeder SXZOS (CVE-2025-54322) and high-severity deserialization flaws, alongside reports of MongoBleed memory leaks in MongoDB and sustained scans on legacy FortiOS/Adobe ColdFusion vulnerabilities. Dark web forums pushed unrestricted AI tools like DIG AI for malware generation and… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 26 Dec – 31 Dec 2025

The post Weekly Report: New Hacking Techniques and Critical CVEs 26 Dec – 31 Dec 2025 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 18 Dec – 25 Dec 2025

Priyanka Aash — Tue, 30 Dec 2025 08:18:19 +0000

The holiday week of December 18–25, 2025, defied the traditional “quiet period,” characterized instead by high-impact disclosures and active exploitation of critical infrastructure. The week was dominated by Cisco’s confirmation of a zero-day (CVE-2025-20393) in its secure email gateways, actively exploited by China-nexus APTs. On the data breach front, major insurance provider Aflac disclosed a… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 18 Dec – 25 Dec 2025

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 18 Dec – 25 Dec 2025 appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 18 Dec – 25 Dec 2025

Priyanka Aash — Tue, 30 Dec 2025 07:25:59 +0000

The week of December 18-25, 2025 saw sustained active exploitation of critical network appliance vulnerabilities including Cisco CVE-2025-20393 (CVSS 10.0) and Fortinet SSO bypass flaws. No major data breaches with confirmed incident dates strictly within this 7-day period were identified from prioritized sources. Emerging threats included Cellik Android RAT with Play Store integration capabilities and… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 18 Dec – 25 Dec 2025

The post Weekly Report: New Hacking Techniques and Critical CVEs 18 Dec – 25 Dec 2025 appeared first on FireCompass.

Korean Air Data Breach

Priyanka Aash — Tue, 30 Dec 2025 05:24:34 +0000

Date of Incident: November 2025 Overview: The Korean Air data breach, reported in December 2025, compromised the personal information of approximately 30,000 employees, including names and bank account numbers. The breach exploited vulnerabilities in the company’s ERP system, utilizing tactics such as exploitation of remote services and account access removal. This incident affected the transportation… Read More »Korean Air Data Breach

The post Korean Air Data Breach appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 10 Dec – 17 Dec 2025

Priyanka Aash — Fri, 19 Dec 2025 06:59:34 +0000

The week of December 10-17, 2025 witnessed unprecedented velocity in critical vulnerability exploitation and nation-state targeting of global infrastructure. Five CVSS 10.0/9.8-rated vulnerabilities entered active exploitation phases within 72 hours of disclosure, impacting 644,000+ domains and requiring emergency government directives. Simultaneously, APT36 demonstrated Linux-specific espionage capabilities against Indian government infrastructure, ToddyCat expanded email harvesting operations,… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 10 Dec – 17 Dec 2025

The post Weekly Report: New Hacking Techniques and Critical CVEs 10 Dec – 17 Dec 2025 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 10 Dec – 17 Dec 2025

Priyanka Aash — Thu, 18 Dec 2025 17:40:10 +0000

This week (December 10–17, 2025) has been defined by state-level vulnerability exploitation and critical infrastructure sieges. The most significant strategic development is the confirmation of a successful breach of the French Interior Ministry, driven not by a zero-day, but by fundamental hygiene failures—a stark reminder that nation-state targets are often compromised via the path of… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 10 Dec – 17 Dec 2025

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 10 Dec – 17 Dec 2025 appeared first on FireCompass.

Autonomous Penetration Testing Is Growing Up

Arnab Chattopadhayay — Thu, 18 Dec 2025 16:21:00 +0000

For the last few years, autonomous penetration testing has been defined by proof of possibility that machines can plan and execute attacks without human operators. That question has been answered. The real question today is far more important: Can autonomous penetration testing operate credibly inside real enterprise environments continuously, safely, and at scale? At FireCompass,… Read More »Autonomous Penetration Testing Is Growing Up

The post Autonomous Penetration Testing Is Growing Up appeared first on FireCompass.

AI and the Future of Offensive Security: Insights from Bruce Schneier and Bikash Barai

Priyanka Aash — Wed, 17 Dec 2025 08:56:35 +0000

In a recent Fireside Chat, Bruce Schneier- renowned cryptographer, Harvard professor, and one of the most influential voices in cybersecurity- joined Bikash Barai, Founder & CEO of FireCompass, to discuss how AI is fundamentally reshaping pentesting, red teaming, and the future of cyber defense. Watch the Full Fireside Chat Recording Gain first-hand insights from Bruce… Read More »AI and the Future of Offensive Security: Insights from Bruce Schneier and Bikash Barai

The post AI and the Future of Offensive Security: Insights from Bruce Schneier and Bikash Barai appeared first on FireCompass.

Weekly Report: New Hacking Techniques and Critical CVEs 2 Dec – 10 Dec 2025

Priyanka Aash — Thu, 11 Dec 2025 09:18:17 +0000

Between 2-10 December 2025, three developments stand out for enterprise defenders: Shai-Hulud 2.0 npm worm: A rapidly evolving supply chain threat abusing npm and GitHub Actions to build a self-propagating CI/CD worm, with active reporting and defensive guidance released during this week. The underlying campaign began in September but continued and evolved into December, especially… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 2 Dec – 10 Dec 2025

The post Weekly Report: New Hacking Techniques and Critical CVEs 2 Dec – 10 Dec 2025 appeared first on FireCompass.

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

Priyanka Aash — Thu, 11 Dec 2025 06:58:53 +0000

From December 2-10, 2025, disclosures around an Oracle E‑Business Suite campaign, a large third‑party fintech breach, and several sector‑specific data exposures highlighted how platform and vendor compromises are driving multi‑organization risk. University of Phoenix confirmed a significant Oracle EBS breach tied to CVE‑2025‑61882, Marquis Software’s ransomware breach impacted over 74 U.S. banks and credit unions,… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025

The post Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 2 Dec – 10 Dec 2025 appeared first on FireCompass.