Skip to content

Third Party Risk Management

Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025

From 28 July to 4 August 2025, threat actors leveraged novel AI-assisted malware, zero-day chains against on-prem SharePoint, critical command-injection in CI/CD pipelines, and advanced social-engineering playbooks. Fourteen CVEs reached Critical severity, including two actively exploited zero-days. Dark-web chatter intensified around Medusa and BlackSuit takedown fallout, with ransomware affiliates trading victim data and custom tooling… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025

CoinDCX Cryptocurrency Exchange Breach

Overview: Indian crypto exchange CoinDCX was breached, with attackers stealing wallet credentials and transaction data, causing $1.2M in losses. Technical Details: Attack Vector: Exploited CVE-2025-20281 (Cisco ISE injection vulnerability, CVSS 10.0) in a third-party payment gateway’s API endpoint (/admin/XXX) integrated with CoinDCX. Exploitation: Attackers sent crafted POST requests (Content-Type: application/json) with malicious SQL payloads (‘… Read More »CoinDCX Cryptocurrency Exchange Breach

Dior Data Breach

Overview French luxury brand Dior suffered a data breach exposing customer and employee data, attributed to Chinese state-sponsored actors, likely DCHSpy, linked to the ShinyHunters group via a third-party vendor breach (LVMH). Technical Details: Attack Vector: Exploited a misconfigured AWS S3 bucket with public read permissions (“Effect”: “Allow”, “Principal”: “*”) and no IAM role-based controls,… Read More »Dior Data Breach

Ingram Micro Ransomware Attack: Strengthening Supply Chain Risk Assessment

On July 7, 2025, Ingram Micro, one of the world’s largest IT distribution companies, suffered a major ransomware attack, leading to global service disruptions. The company was forced to disconnect affected systems and halt operations temporarily to contain the breach. Services were restored by July 10, 2025, but the ripple effects impacted partners and customers across the supply chain.… Read More »Ingram Micro Ransomware Attack: Strengthening Supply Chain Risk Assessment

GenAi Risks Firecompass and CISO

Generative AI Risks & Impact On CISOs and Their Teams

Generative AI can be used in a variety of applications, including image and speech recognition, natural language processing, and cybersecurity. In the context of cybersecurity, generative AI can be used to learn from existing data or simulation agents and then generate new artifacts. For example, generative cybersecurity AI can be used to develop secure application… Read More »Generative AI Risks & Impact On CISOs and Their Teams

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.