For the last few years, autonomous penetration testing has been defined by proof of possibility that machines can plan and execute attacks without human operators. That question has been answered. The real question today is far more important: Can autonomous penetration testing operate credibly inside real enterprise environments continuously, safely, and at scale? At FireCompass,… Read More »Autonomous Penetration Testing Is Growing Up
Date of Incident: August 9-14, 2025 Overview: Cox Enterprises recently suffered a breach of its Oracle E-Business Suite, exploited by the Cl0p ransomware group through a zero-day vulnerability. Occurring between August 9-14, 2025, this attack exposed the personal data of 9,479 individuals. The Cl0p group utilized this vulnerability to inject ransomware, encrypting files and publishing… Read More »Cox Enterprises Oracle E-Business Suite Zero-Day Breach
In another blow to consumer data privacy, European retail giant Auchan has confirmed a data breach that impacted several hundred thousand of its customers. The breach specifically targeted customer loyalty accounts and resulted in the unauthorized exposure of sensitive personal information. >>Outpace Attackers With AI-Based Automated Penetration Testing What Was Exposed? Auchan’s loyalty program, a… Read More »Auchan Data Breach: Loyalty Program Compromise Exposes Customer Information
From 28 July to 4 August 2025, threat actors leveraged novel AI-assisted malware, zero-day chains against on-prem SharePoint, critical command-injection in CI/CD pipelines, and advanced social-engineering playbooks. Fourteen CVEs reached Critical severity, including two actively exploited zero-days. Dark-web chatter intensified around Medusa and BlackSuit takedown fallout, with ransomware affiliates trading victim data and custom tooling… Read More »Weekly Report: New Hacking Techniques and Critical CVEs 28 July – 4 Aug , 2025
Overview: Indian crypto exchange CoinDCX was breached, with attackers stealing wallet credentials and transaction data, causing $1.2M in losses. Technical Details: Attack Vector: Exploited CVE-2025-20281 (Cisco ISE injection vulnerability, CVSS 10.0) in a third-party payment gateway’s API endpoint (/admin/XXX) integrated with CoinDCX. Exploitation: Attackers sent crafted POST requests (Content-Type: application/json) with malicious SQL payloads (‘… Read More »CoinDCX Cryptocurrency Exchange Breach