Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Senator Maintains Hold on Trump’s CISA Nominee Amid Report Delays Chris Riotta (@chrisriotta)• July 30, 2025 Image: Adam McCullough/Shutterstock The U.S. Cybersecurity and Infrastructure Security Agency (CISA) plans to release a previously withheld report addressing vulnerabilities in telecom infrastructure.…
News Desk 29 July 2025, 12:35 PM IST Tea app experiences significant backlash as private messages of over 1.1 million users are leaked online Tea Dating Advice app | Photo: Google Play Store The Tea dating app, which positions itself as a secure environment for women to share insights about…
The ransomware collective known as GLOBAL GROUP has claimed responsibility for a significant security breach at Albavisión, a prominent Spanish-language media conglomerate headquartered in Miami, Florida. According to the group, they have successfully extracted 400 GB of sensitive data from the company. Having emerged in early June 2025, GLOBAL GROUP…
July 11, 2025
Cyber Attack / Vulnerability Alert
A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.
Critical Security Flaw in Wing FTP Server Under Active Attack On July 11, 2025, cybersecurity firm Huntress reported that a serious vulnerability in the Wing FTP Server, classified as CVE-2025-47812, is currently being exploited in the wild. This flaw bears a maximum CVSS score of 10.0, indicating its critical nature,…
July 11, 2025
Cyber Attack / Vulnerability Alert
A recently uncovered critical security vulnerability affecting Wing FTP Server is currently being exploited, as reported by Huntress. Known as CVE-2025-47812 (CVSS score: 10.0), this flaw involves improper handling of null (‘\0’) bytes within the server’s web interface, leading to potential remote code execution. The issue has been resolved in version 7.4.4. According to CVE.org’s advisory, “The user and admin web interfaces mishandle ‘\0’ bytes, allowing for the injection of arbitrary Lua code into user session files.” This can enable the execution of arbitrary system commands with the privileges of the FTP service, which defaults to root or SYSTEM. Alarmingly, the vulnerability can also be exploited through anonymous FTP accounts. A detailed analysis of this security issue became public in late June 2025, thanks to RCE Security researcher Julien Ahrens.
Data Breach Notification, Data Security, Incident & Breach Response Seemant Sehgal • July 16, 2025 With 25 years of experience in the cybersecurity sector, I have witnessed firsthand the evolution of vulnerability management (VM) from traditional scanning methods to integrated cloud solutions. Historically, VM has been central to enterprise cybersecurity…
A woman from Arizona, Christina Marie Chapman, has been sentenced to over eight years in prison for her pivotal involvement in a fraudulent scheme that funneled upwards of $17 million to North Korea. According to the U.S. Department of Justice (DoJ), the 50-year-old resident of Litchfield Park was instrumental in…
Tea, a dating application designed for women to anonymously share experiences about men they have dated, has reported a major data breach affecting its user base. The company disclosed the incident in a statement released on Friday, highlighting that the compromised data included approximately 72,000 images. Of these, around 13,000…
Microsoft has recently decided to cease using engineering teams based in China for the support of the Defense Department’s cloud computing systems. This decision follows an investigation by ProPublica, which raised concerns among cybersecurity experts about potential vulnerabilities to hacking and espionage. While this action directly addresses the Defense Department,…
Critical Infrastructure Security, Regulation, Standards, Regulations & Compliance State Seeks Public Input on New Reporting Rules and Regulations for Water Sector Chris Riotta (@chrisriotta) • July 25, 2025 Image: Shutterstock New York State has initiated the development of mandatory cybersecurity standards for its water and wastewater systems, a sector that…
