ExeVision, a provider of web-based project development and road construction management solutions for State Departments of Transportation, has allegedly been compromised. The breach was announced on a dark web forum by an actor who claims the incident occurred in November 2025. The actor alleges that the company’s source code was stolen during the attack.
The allegedly compromised data reportedly consists of the company’s proprietary source code. A file tree released by the actor as proof of the breach indicates the exposure of several critical development repositories and application directories, including:
-
Core Platforms: Source code for the “iCX” (Integrated Contractors Exchange) and “iPD” (Integrated Project Development) platforms.
-
Construction Management: The “CMS” (Construction Management Subsystem) and “EBS” (Electronic Bidding System) modules.
-
Field Operations: The “EFieldBook” application, used for field documentation.
-
Compliance Modules: Directories related to “CivilRights” and “ContractTracking”.
-
Infrastructure: Folders containing “SaaS-dev” repositories, authentication microservices, and API configurations.
