Skip to content

Blog

HPE Networking Instant On Access Points Vulnerabilities (CVE-2025-37103, CVE-2025-37102): Hardening Network Infrastructure

Overview On July 18, 2025, HPE disclosed two vulnerabilities in its Networking Instant On Access APs: CVE-2025-37103 (CVSS 9.8, hard-coded credentials) and CVE-2025-37102 (CVSS 7.2, authenticated command injection). These flaws allow attackers to bypass authentication and execute arbitrary commands with elevated privileges. Explanation CVE-2025-37103 involves hard-coded credentials in HPE Instant On Access Points, enabling attackers… Read More »HPE Networking Instant On Access Points Vulnerabilities (CVE-2025-37103, CVE-2025-37102): Hardening Network Infrastructure

CrushFTP Vulnerability (CVE-2025-54309): Securing File Transfer Services

Overview On July 18, 2025, CrushFTP disclosed a critical vulnerability (CVE-2025-54309, CVSS 9.0) in versions 10 before 10.8.5 and 11 before 11.3.4_23, exploited via HTTP(S) to gain admin access. The flaw, related to AS2 validation mishandling, allows remote attackers to bypass authentication when the DMZ proxy feature is disabled. Explanation The vulnerability arises from improper… Read More »CrushFTP Vulnerability (CVE-2025-54309): Securing File Transfer Services

Microsoft SharePoint Server Zero-Day (CVE-2025-53770): Urgent Patching Required

Overview On July 19, 2025, Microsoft disclosed a critical zero-day vulnerability in SharePoint Server (CVE-2025-53770, CVSS 9.8), actively exploited in large-scale attacks, breaching over 75 organizations. The flaw, a variant of CVE-2025-49704, allows unauthenticated remote code execution (RCE) via deserialization of untrusted data. CISA added it to its Known Exploited Vulnerabilities catalog, urging immediate action.… Read More »Microsoft SharePoint Server Zero-Day (CVE-2025-53770): Urgent Patching Required

Weekly Report: New Hacking Techniques and Critical CVEs July 11-17, 2025

Cyber adversaries intensified efforts this week with two new exploited zero-days, multiple critical vulnerabilities, and fresh ransomware-as-a-service (RaaS) operations adopting AI-driven negotiation panels. The following pages provide an exhaustive, technically focused brief for CISOs and security engineering teams. Modern attack surface expansion and rapid exploit adoption defined the last seven days. Google patched and confirmed… Read More »Weekly Report: New Hacking Techniques and Critical CVEs July 11-17, 2025

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches: July 09-16, 2025

During the week under review, threat actors shifted from high-noise ransomware campaigns to quieter, precision intrusions abusing zero-day or recently patched vulnerabilities and abusing trusted cloud or software-supply-chain services. Fortinet’s FortiWeb, Citrix NetScaler ADC/Gateway and Wing FTP Server all saw in-the-wild exploits within 72 hours of public disclosure—highlighting the narrowing window between a patch release… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches: July 09-16, 2025

Use Cases
Technology
About
Partner
Resources

©2024 FireCompass, All Rights Reserved.