Skip to content

RCE

Microsoft SharePoint Server Zero-Day (CVE-2025-53770): Urgent Patching Required

Overview On July 19, 2025, Microsoft disclosed a critical zero-day vulnerability in SharePoint Server (CVE-2025-53770, CVSS 9.8), actively exploited in large-scale attacks, breaching over 75 organizations. The flaw, a variant of CVE-2025-49704, allows unauthenticated remote code execution (RCE) via deserialization of untrusted data. CISA added it to its Known Exploited Vulnerabilities catalog, urging immediate action.… Read More »Microsoft SharePoint Server Zero-Day (CVE-2025-53770): Urgent Patching Required

Weekly Report: New Hacking Techniques and Critical CVEs July 11-17, 2025

Cyber adversaries intensified efforts this week with two new exploited zero-days, multiple critical vulnerabilities, and fresh ransomware-as-a-service (RaaS) operations adopting AI-driven negotiation panels. The following pages provide an exhaustive, technically focused brief for CISOs and security engineering teams. Modern attack surface expansion and rapid exploit adoption defined the last seven days. Google patched and confirmed… Read More »Weekly Report: New Hacking Techniques and Critical CVEs July 11-17, 2025

Wing FTP Server Vulnerability (CVE-2025-47812)

On July 7, 2025, a critical vulnerability in Wing FTP Server was actively exploited in the wild. Identified as CVE-2025-47812 and carrying a maximum CVSS score of 10.0, the flaw allows unauthenticated attackers to execute arbitrary system commands through the product’s web interface. Security researcher Julien Ahrens discovered the issue, which originates from improper null… Read More »Wing FTP Server Vulnerability (CVE-2025-47812)

Zero Auth, Full Control: Inside the Critical vBulletin CVE-2025-48827

Zero-day vulnerabilities are a serious threat to organizations all over the world in the consistently elevating field of cybersecurity. Recently, a critical vulnerability known as CVE-2025-48827 surfaced, leaving systems vulnerable to privilege escalation alongside remote code execution (RCE) attacks. This blog post provides an in-depth analysis of the vulnerability, a step-by-step exploitation guide, and actionable… Read More »Zero Auth, Full Control: Inside the Critical vBulletin CVE-2025-48827

Weekly Report: New Hacking Techniques and Critical CVEs June 18–June 25, 2025

This week’s intelligence reveals an escalation in targeted exploitation of emerging software flaws, novel stealthy attack techniques leveraging legitimate infrastructure, and politically driven data leaks orchestrated via dark web channels. Three high-severity vulnerabilities—affecting Langflow AI servers, Citrix NetScaler appliances, and default Linux configurations—have been weaponized in the wild. Attackers are also innovating with JavaScript-based credential… Read More »Weekly Report: New Hacking Techniques and Critical CVEs June 18–June 25, 2025

Use Cases
Technology
About
Partner
Resources

©2024 FireCompass, All Rights Reserved.