Code update creates security exploit, over 30,000 installations at risk

WHEN UPDATES BACKFIRE (DESPITE GOOD INTENTIONS): Researchers traced the exploit to a "race condition" triggered by rapid HTTP(S) requests, where barely timed headers let hackers impersonate the “crushadmin” user. The exploit went live shortly after a code update intended to fix an unrelated AS2 bug, unintentionally revealing the flaw to attackers. Over 30,000 installations were at risk; and as of late July, about 1,000 remained unpatched—even though fixes were available. This basically turned a housekeeping update into a zero-day weapon. And it highlights a vital lesson: even minor code changes can create major security gaps, and patching must be relentless. https://lnkd.in/ek_SWkkW #auguryit #zerodays #patching #security

🚨 A new critical vulnerability in Wing FTP Server (CVE-2025-47812) is being actively exploited by attackers. This flaw allows remote code execution, giving hackers the ability to run malicious Lua scripts, create backdoor accounts, and steal data. 👉 The takeaway? Once attackers get execution rights, it’s already too late. Detect-and-respond strategies leave businesses scrambling after the damage begins. In our latest blog, we break down what happened, why this vulnerability is so dangerous, and why the security community needs to push harder toward isolation and containment strategies that stop attacks before they execute. 🔒 Staying informed is the first step. Protecting against these evolving threats requires rethinking the way we approach endpoint security. Read the full blog here 👇 https://buff.ly/0vrIQdL #cybersecurity #ransomware #endpointsecurity #dataprotection #zeroday #securityawareness #AppGuard #AppGuardistheAnswer #infosec #CHIPS

🚨 A new critical vulnerability in Wing FTP Server (CVE-2025-47812) is being actively exploited by attackers. This flaw allows remote code execution, giving hackers the ability to run malicious Lua scripts, create backdoor accounts, and steal data. 👉 The takeaway? Once attackers get execution rights, it’s already too late. Detect-and-respond strategies leave businesses scrambling after the damage begins. In our latest blog, we break down what happened, why this vulnerability is so dangerous, and why the security community needs to push harder toward isolation and containment strategies that stop attacks before they execute. 🔒 Staying informed is the first step. Protecting against these evolving threats requires rethinking the way we approach endpoint security. Read the full blog here 👇 https://buff.ly/0vrIQdL #cybersecurity #ransomware #endpointsecurity #dataprotection #zeroday #securityawareness #AppGuard #AppGuardistheAnswer #infosec #CHIPS

Recently many #npm packages get hijacked (actually not only recent, it’s happened frequently but just many weren’t disclosed at all) by #hackers with various method. One of the common method is to inject malicious code into these npm and then it’s spread unconditionally like a wildfire to all application that using this npm. Boom 💥, jackpot to the hackers, bad news to #application and #security. It’s tedious to track manually as an application built with hundreds of npm packages at least. The good thing is this can be identified and prevented with automated tool, like a software composition analysis (#SCA) scanner. These scanners work by detecting open-source packages and dependencies within the application. Thereafter provide suggestions for fixing identified vulnerabilities, such as updating or replacing outdated libraries. https://lnkd.in/gmmqGBgH

🚨The npm ecosystem just suffered one of the most serious supply-chain attacks to date. What happened: Attackers hijacked a trusted maintainer’s account and injected malware into widely used npm packages. Impact: These packages see 2.6 billion weekly downloads. The payload executed in users’ browsers, silently rewriting payment destinations and approvals to attacker-controlled accounts, all while keeping the interface looking normal. How to mitigate: Update dependencies: upgrade to safe versions and pin where possible Rebuild clean: clear caches and pull only from trusted sources Audit behavior: look for suspicious install scripts, network activity, or obfuscated code Monitor runtime: detect if malicious code actually executes in your environment Why this matters: Traditional scanning tools flag files, but they can’t always tell you what’s truly dangerous. At Sweet, we focus on what actually runs at runtime, so you can cut through the noise, see what’s really at risk, and respond before damage is done. Read more here: https://hubs.li/Q03Hpvql0 #SupplyChainAttack #SweetSecurity #cloudsecurity #RuntimeCNAPP #phishing

Sharing in case you missed it: our CTO Tomer Filiba wrote a great breakdown on a new kind of supply chain attack that recently hit the npm ecosystem. If you haven’t had the chance to read it yet, now’s a great time to catch up 👇

🚨 Reminder: Even small, everyday tools like WinRAR can become major attack vectors. 💡 Keep your software updated. Stay alert. Protect your data. ⚠️ Urgent Update for WinRAR Users: Active Exploitation by RomCom 🔍 ESET Research has uncovered a zero-day vulnerability in WinRAR (CVE-2025-8088) that is being actively exploited. Hidden inside job-application–style archives, the exploit leverages path traversal and Alternate Data Streams (ADS) to silently deploy backdoors like: 🪤 SnipBot | 🦠 RustyClaw | 👤 Mythic agent 🎯 Who’s targeted? Financial services 💰 Manufacturing ⚙️ Defense 🛡️ Logistics 🚚 📍 Regions: Europe & Canada 👥 Threat actor: RomCom (Russia-aligned APT) – now on their third zero-day campaign in recent years. ✅ What you need to do now: 1️⃣ Update WinRAR immediately → version 7.13 or later. 2️⃣ Patch applications using UnRAR.dll or related code. 📌 Key details at a glance: 📅 Discovery Date: July 18, 2025 🔧 Patch Released: July 30, 2025 🛠️ Affected Tools: WinRAR GUI, CLI apps, UnRAR.dll, portable code 🎭 Threat Actor: RomCom (Russia-aligned APT) 🕵️ Payloads: SnipBot, RustyClaw, Mythic agent 🎯 Targets: Finance, Manufacturing, Defense, Logistics (Europe, Canada) 🔖 #CyberSecurity #InfoSec #APT #ZeroDay #WinRAR #ESETResearch #VulnerabilityManagement #ThreatIntelligence #RomComAPT #DataSecurity https://lnkd.in/gDBiHcAS

Yet again, we see that if you've created a mechanism to monitor and archive SBOMs and dependencies, you are better equiped to mitigate bad stuff, when it happens.

Sharing this important update on Shai-Hulud, the latest supply chain attack compromising hundreds of library versions across major distributors. This is exactly why we built Scribe: when your software supply chain is continuously monitored, a question like “Was I pwned?” can be answered in real time, with evidence. Within hours, we were able to notify our customers that none of their pipelines had pulled in compromised dependencies. That’s the power of continuous evidence, provenance verification, and policy-as-code guardrails in action. Supply chain threats aren’t slowing down. With AI-driven code growth and ever-expanding dependencies, continuous assurance is no longer optional. #SoftwareSupplyChain #ContinuousAssurance #DevSecOps #AppSec #WasIPwned

Learn how hackers use web shells as backdoors to compromise websites, steal data, and maintain access ,discover effective ways to detect and stop them.