Skip to content

Attack Surface Management (ASM)

React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js – A Log4Shell‑Style Wake‑Up Call

On 3rd December 2025, a critical remote code execution vulnerability was disclosed in the React Server Components (RSC) ecosystem, widely known as React2Shell and tracked as CVE‑2025‑55182 (React) and CVE‑2025‑66478 (Next.js, later merged into the main CVE). The flaw allows unauthenticated remote code execution (pre‑auth RCE) on servers using React Server Components and frameworks like… Read More »React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js – A Log4Shell‑Style Wake‑Up Call

Leroy Merlin data breach

Date of Incident: 2023 Overview: In 2023, Leroy Merlin, a company in the retail sector, experienced a data breach resulting in the exposure of customers’ personal information, including full names, phone numbers, email addresses, postal addresses, birth dates, and loyalty program details. There was no evidence of banking data or passwords being compromised, and no… Read More »Leroy Merlin data breach

University of Pennsylvania Oracle E-Business Suite Breach

Date of Incident: August 2025 Overview: In August 2025, the University of Pennsylvania experienced a data breach targeting its Oracle E-Business Suite, attributed to the Clop ransomware group. Attackers exploited a zero-day vulnerability, compromising personal information of 1,488 individuals, with a potential for more. The breach utilized advanced tactics such as SQL injection and remote… Read More »University of Pennsylvania Oracle E-Business Suite Breach

Coupang Data Breach

Date of Incident: June 24, 2025 Overview: The Coupang Data Breach, reported on December 1, 2025, impacting the retail sector, involved unauthorized access to Coupang’s customer database on June 24, 2025. This breach exposed personal information, including full names, phone numbers, email addresses, physical addresses, and order details of 33.7 million customers. Notably, payment information… Read More »Coupang Data Breach

The Coming Shift in Enterprise Cyber Offense : Why Autonomous Penetration Testing Will Redefine Cyber Strategy

1 Introduction Across industries, cybersecurity leaders are confronting a problem that is no longer defined by the strength of their controls, but by the speed at which their environments change. Cloud services now scale in minutes, SaaS ecosystems evolve without central visibility, and DevOps pipelines introduce configuration changes hundreds of times per day. As a… Read More »The Coming Shift in Enterprise Cyber Offense : Why Autonomous Penetration Testing Will Redefine Cyber Strategy

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.