Late last week, FlexMLS and Matrix, two of the nation’s largest multiple listing services (MLS), fell victim to data breaches that have raised significant concerns among their members. The breaches reportedly compromised member login credentials, leading to a wave of phishing attempts. In response, both organizations advised all members to…
July 11, 2025
Cyber Attack / Vulnerability Alert
A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.
Critical Security Flaw in Wing FTP Server Under Active Attack On July 11, 2025, cybersecurity firm Huntress reported that a serious vulnerability in the Wing FTP Server, classified as CVE-2025-47812, is currently being exploited in the wild. This flaw bears a maximum CVSS score of 10.0, indicating its critical nature,…
July 11, 2025
Cyber Attack / Vulnerability Alert
A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.
Aeroflot Faces Major Disruption Following Suspected Cyberattack On Monday, Aeroflot, Russia’s largest airline, experienced significant operational disruptions, cancelling approximately 40 flights due to what the airline referred to as a “technical failure.” However, multiple reports, aided by statements from Russian lawmakers and pro-Ukrainian hackers, have suggested that the root cause…
Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Aeroflot Targeted by Belarusian Hackers Using Wiper Malware Mathew J. Schwartz (euroinfosec) • July 28, 2025 Image: Media_works/Shutterstock Aeroflot, Russia’s state-owned airline, has canceled numerous flights following a cyberattack attributed to a Belarusian hacking collective. The group, known as…
Allianz Life has recently disclosed that a significant data breach has compromised the personal information of 1.4 million customers. The security incident was detected on July 16, 2025, prompting immediate communication to the Maine Attorney General the subsequent day. The insurance company stated that a “majority” of its customer base…
Data Breach Notification, Data Security, Incident & Breach Response Seemant Sehgal • July 16, 2025 With 25 years of experience in the cybersecurity sector, I have witnessed firsthand the evolution of vulnerability management (VM) from traditional scanning methods to integrated cloud solutions. Historically, VM has been central to enterprise cybersecurity…
Allianz Life Insurance Company of North America has confirmed a substantial data breach that has compromised the personal information of approximately 1.4 million customers. Based in Minneapolis and a subsidiary of the global insurance leader Allianz SE, headquartered in Munich, the breach reportedly took place on July 16 via a…
Focused Skill Building: Addressing Key Problems in Cybersecurity Roles In the ever-evolving field of cybersecurity, ongoing education is imperative; it doesn’t cease upon securing a position or following a career path. Instead, the need for targeted learning intensifies as professionals find themselves grappling with real-world challenges. Rather than the foundational…
AT&T has agreed to a $177 million settlement in response to two significant data breaches that compromised the personal information of customers, as reported by CNET. The settlement will provide compensation to both current and former customers affected by at least one of the breaches. Notably, individuals who can substantiate…