Skip to content

Third Party Risk Management

CoinDCX Cryptocurrency Exchange Breach

Overview: Indian crypto exchange CoinDCX was breached, with attackers stealing wallet credentials and transaction data, causing $1.2M in losses. Technical Details: Attack Vector: Exploited CVE-2025-20281 (Cisco ISE injection vulnerability, CVSS 10.0) in a third-party payment gateway’s API endpoint (/admin/XXX) integrated with CoinDCX. Exploitation: Attackers sent crafted POST requests (Content-Type: application/json) with malicious SQL payloads (‘… Read More »CoinDCX Cryptocurrency Exchange Breach

Dior Data Breach

Overview French luxury brand Dior suffered a data breach exposing customer and employee data, attributed to Chinese state-sponsored actors, likely DCHSpy, linked to the ShinyHunters group via a third-party vendor breach (LVMH). Technical Details: Attack Vector: Exploited a misconfigured AWS S3 bucket with public read permissions (“Effect”: “Allow”, “Principal”: “*”) and no IAM role-based controls,… Read More »Dior Data Breach

Ingram Micro Ransomware Attack: Strengthening Supply Chain Risk Assessment

On July 7, 2025, Ingram Micro, one of the world’s largest IT distribution companies, suffered a major ransomware attack, leading to global service disruptions. The company was forced to disconnect affected systems and halt operations temporarily to contain the breach. Services were restored by July 10, 2025, but the ripple effects impacted partners and customers across the supply chain.… Read More »Ingram Micro Ransomware Attack: Strengthening Supply Chain Risk Assessment

GenAi Risks Firecompass and CISO

Generative AI Risks & Impact On CISOs and Their Teams

Generative AI can be used in a variety of applications, including image and speech recognition, natural language processing, and cybersecurity. In the context of cybersecurity, generative AI can be used to learn from existing data or simulation agents and then generate new artifacts. For example, generative cybersecurity AI can be used to develop secure application… Read More »Generative AI Risks & Impact On CISOs and Their Teams

Monthly Breach Report August 2020 – FireCompass

      Kiwi Bank Breach Kiwibank is investigating how it sent 4200 customers an email or online bank statement with their own account number, name and address, but another person’s transaction history. The commissioner, John Edwards, said some people will be identifiable by the statements and information sent. “We generally have an expectation that… Read More »Monthly Breach Report August 2020 – FireCompass

Use Cases
Technology
About
Partner
Resources

©2024 FireCompass, All Rights Reserved.