The ransomware collective known as GLOBAL GROUP has claimed responsibility for a significant security breach at Albavisión, a prominent Spanish-language media conglomerate headquartered in Miami, Florida. According to the group, they have successfully extracted 400 GB of sensitive data from the company. Having emerged in early June 2025, GLOBAL GROUP…
July 11, 2025
Cyber Attack / Vulnerability Alert
A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.
Critical Security Flaw in Wing FTP Server Under Active Attack On July 11, 2025, cybersecurity firm Huntress reported that a serious vulnerability in the Wing FTP Server, classified as CVE-2025-47812, is currently being exploited in the wild. This flaw bears a maximum CVSS score of 10.0, indicating its critical nature,…
July 11, 2025
Cyber Attack / Vulnerability Alert
A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.
Data Breach Notification, Data Security, Incident & Breach Response Seemant Sehgal • July 16, 2025 With 25 years of experience in the cybersecurity sector, I have witnessed firsthand the evolution of vulnerability management (VM) from traditional scanning methods to integrated cloud solutions. Historically, VM has been central to enterprise cybersecurity…
A woman from Arizona, Christina Marie Chapman, has been sentenced to over eight years in prison for her pivotal involvement in a fraudulent scheme that funneled upwards of $17 million to North Korea. According to the U.S. Department of Justice (DoJ), the 50-year-old resident of Litchfield Park was instrumental in…
Tea, a dating application designed for women to anonymously share experiences about men they have dated, has reported a major data breach affecting its user base. The company disclosed the incident in a statement released on Friday, highlighting that the compromised data included approximately 72,000 images. Of these, around 13,000…
Microsoft has recently decided to cease using engineering teams based in China for the support of the Defense Department’s cloud computing systems. This decision follows an investigation by ProPublica, which raised concerns among cybersecurity experts about potential vulnerabilities to hacking and espionage. While this action directly addresses the Defense Department,…
Critical Infrastructure Security, Regulation, Standards, Regulations & Compliance State Seeks Public Input on New Reporting Rules and Regulations for Water Sector Chris Riotta (@chrisriotta) • July 25, 2025 Image: Shutterstock New York State has initiated the development of mandatory cybersecurity standards for its water and wastewater systems, a sector that…
NEWTOWN, Pa., July 25, 2025 /PRNewswire/ — Edelson Lechtzin LLP has announced an investigation into potential data privacy violations following a recent incident involving Tea Dating Advice, Inc. (referred to as “Tea”). The company disclosed that it became aware of a data breach on July 25, 2025. For those impacted,…
PowerSchool Data Breach: Accountability and Future Safeguards A significant shift has emerged in the aftermath of a major data breach impacting PowerSchool, affecting millions of children, educators, and parents. Despite the conclusion of an investigation into the company’s cybersecurity protocols, a former federal privacy commissioner emphasizes that PowerSchool is still…
