Tag cybersecurity

GLOBAL GROUP Ransomware Alleges Breach of Media Conglomerate Albavisión

The ransomware collective known as GLOBAL GROUP has claimed responsibility for a significant security breach at Albavisión, a prominent Spanish-language media conglomerate headquartered in Miami, Florida. According to the group, they have successfully extracted 400 GB of sensitive data from the company. Having emerged in early June 2025, GLOBAL GROUP…

Read MoreGLOBAL GROUP Ransomware Alleges Breach of Media Conglomerate Albavisión

Severe Vulnerability in Wing FTP Server (CVE-2025-47812) Under Active Exploitation

July 11, 2025
Cyber Attack / Vulnerability Alert

A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.

Critical Security Flaw in Wing FTP Server Under Active Attack On July 11, 2025, cybersecurity firm Huntress reported that a serious vulnerability in the Wing FTP Server, classified as CVE-2025-47812, is currently being exploited in the wild. This flaw bears a maximum CVSS score of 10.0, indicating its critical nature,…

Read More

Severe Vulnerability in Wing FTP Server (CVE-2025-47812) Under Active Exploitation

July 11, 2025
Cyber Attack / Vulnerability Alert

A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.

Enhancing Your CTEM Program: The Critical Role of Adversarial Exposure Validation (AEV)

Data Breach Notification, Data Security, Incident & Breach Response Seemant Sehgal • July 16, 2025 With 25 years of experience in the cybersecurity sector, I have witnessed firsthand the evolution of vulnerability management (VM) from traditional scanning methods to integrated cloud solutions. Historically, VM has been central to enterprise cybersecurity…

Read MoreEnhancing Your CTEM Program: The Critical Role of Adversarial Exposure Validation (AEV)

Arizona Woman Sentenced for Assisting North Korea in $17 Million IT Employment Scheme

A woman from Arizona, Christina Marie Chapman, has been sentenced to over eight years in prison for her pivotal involvement in a fraudulent scheme that funneled upwards of $17 million to North Korea. According to the U.S. Department of Justice (DoJ), the 50-year-old resident of Litchfield Park was instrumental in…

Read MoreArizona Woman Sentenced for Assisting North Korea in $17 Million IT Employment Scheme

Microsoft Halts Use of China-Based Teams for Department of Defense Support

Microsoft has recently decided to cease using engineering teams based in China for the support of the Defense Department’s cloud computing systems. This decision follows an investigation by ProPublica, which raised concerns among cybersecurity experts about potential vulnerabilities to hacking and espionage. While this action directly addresses the Defense Department,…

Read MoreMicrosoft Halts Use of China-Based Teams for Department of Defense Support

New York Introduces Pioneering Cybersecurity Regulations for Water Sector

Critical Infrastructure Security, Regulation, Standards, Regulations & Compliance State Seeks Public Input on New Reporting Rules and Regulations for Water Sector Chris Riotta (@chrisriotta) • July 25, 2025 Image: Shutterstock New York State has initiated the development of mandatory cybersecurity standards for its water and wastewater systems, a sector that…

Read MoreNew York Introduces Pioneering Cybersecurity Regulations for Water Sector

Edelson Lechtzin LLP Investigates Potential Data Breach Claims for Customers of Tea Dating Advice, Inc. (Tea App)

NEWTOWN, Pa., July 25, 2025 /PRNewswire/ — Edelson Lechtzin LLP has announced an investigation into potential data privacy violations following a recent incident involving Tea Dating Advice, Inc. (referred to as “Tea”). The company disclosed that it became aware of a data breach on July 25, 2025. For those impacted,…

Read MoreEdelson Lechtzin LLP Investigates Potential Data Breach Claims for Customers of Tea Dating Advice, Inc. (Tea App)

PowerSchool Remains Accountable for Data Breach, Says Former Privacy Commissioner – National

PowerSchool Data Breach: Accountability and Future Safeguards A significant shift has emerged in the aftermath of a major data breach impacting PowerSchool, affecting millions of children, educators, and parents. Despite the conclusion of an investigation into the company’s cybersecurity protocols, a former federal privacy commissioner emphasizes that PowerSchool is still…

Read MorePowerSchool Remains Accountable for Data Breach, Says Former Privacy Commissioner – National