Skip to content

Continuous Automated Red Teaming (CART)

CVE-2025-54253: Pre-Auth RCE – Adobe AEM Forms on JEE Critical OGNL Injection

A critical vulnerability, CVE-2025-54253, was discovered in Adobe Experience Manager (AEM) Forms on JEE, a widely used enterprise Java application platform. This vulnerability arises from improper handling of OGNL expressions in an exposed debug servlet, allowing attackers to bypass authentication and remotely execute arbitrary code. With a maximum severity rating of CVSS 10.0, this vulnerability… Read More »CVE-2025-54253: Pre-Auth RCE – Adobe AEM Forms on JEE Critical OGNL Injection

SonicWall Firewall Configuration Backup Breach

Date of Incident: September 2025 Overview: In September 2025, SonicWall experienced a security incident affecting less than 5% of its firewall install base. The breach involved unauthorized access to firewall configuration backup files via brute-force attacks on the company’s cloud API service. Attackers potentially gained access to sensitive information such as credentials and tokens. While… Read More »SonicWall Firewall Configuration Backup Breach

Insight Partners Ransomware Breach

Date of Incident: October 25, 2024 to January 16, 2025 Overview: The Insight Partners ransomware breach, reported on September 17, 2025, occurred between October 25, 2024, and January 16, 2025. It affected 12,657 individuals and compromised sensitive data, including banking, tax, personal information of past and current employees, and details related to limited partners and… Read More »Insight Partners Ransomware Breach

Weekly Report: New Hacking Techniques and Critical CVEs 09 Sep – 15 Sep, 2025

The final week of August was marked by an unprecedented intersection of SaaS, supply chain, and state infrastructure attacks. Standout incidents included the highly technical s1ngularity AI-assisted supply chain compromise of Nx, the widespread theft of Salesforce and Google data via the Salesloft Drift OAuth breach, and ransomware that brought Nevada’s government services to a… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 09 Sep – 15 Sep, 2025

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 09 Sep – 15 Sep, 2025

Between September 9-15, 2025, three major cybersecurity incidents exemplified persistent and evolving threats against manufacturing, government, and financial services. The Jaguar Land Rover global production shutdown exposed the devastating operational and economic risk from ransomware and supply chain exploitation. INC Ransom’s attack on Panama’s Ministry of Economy and Finance illustrated advanced double extortion tactics impacting… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches 09 Sep – 15 Sep, 2025

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.