Critical vulnerability in Wing FTP Server exploited by attackers. Read how to protect against it.

🚨 A new critical vulnerability in Wing FTP Server (CVE-2025-47812) is being actively exploited by attackers. This flaw allows remote code execution, giving hackers the ability to run malicious Lua scripts, create backdoor accounts, and steal data. 👉 The takeaway? Once attackers get execution rights, it’s already too late. Detect-and-respond strategies leave businesses scrambling after the damage begins. In our latest blog, we break down what happened, why this vulnerability is so dangerous, and why the security community needs to push harder toward isolation and containment strategies that stop attacks before they execute. 🔒 Staying informed is the first step. Protecting against these evolving threats requires rethinking the way we approach endpoint security. Read the full blog here 👇 https://buff.ly/0vrIQdL #cybersecurity #ransomware #endpointsecurity #dataprotection #zeroday #securityawareness #AppGuard #AppGuardistheAnswer #infosec #CHIPS

WHEN UPDATES BACKFIRE (DESPITE GOOD INTENTIONS): Researchers traced the exploit to a "race condition" triggered by rapid HTTP(S) requests, where barely timed headers let hackers impersonate the “crushadmin” user. The exploit went live shortly after a code update intended to fix an unrelated AS2 bug, unintentionally revealing the flaw to attackers. Over 30,000 installations were at risk; and as of late July, about 1,000 remained unpatched—even though fixes were available. This basically turned a housekeeping update into a zero-day weapon. And it highlights a vital lesson: even minor code changes can create major security gaps, and patching must be relentless. https://lnkd.in/ek_SWkkW #auguryit #zerodays #patching #security

WHEN UPDATES BACKFIRE (DESPITE GOOD INTENTIONS): Researchers traced the exploit to a "race condition" triggered by rapid HTTP(S) requests, where barely timed headers let hackers impersonate the “crushadmin” user. The exploit went live shortly after a code update intended to fix an unrelated AS2 bug, unintentionally revealing the flaw to attackers. Over 30,000 installations were at risk; and as of late July, about 1,000 remained unpatched—even though fixes were available. This basically turned a housekeeping update into a zero-day weapon. And it highlights a vital lesson: even minor code changes can create major security gaps, and patching must be relentless. Otherwise, enjoy your labor day weekend, friends. https://lnkd.in/ggb8PfJA #auguryit #cysec #patching

XSS (Cross-Site Scripting) is a serious web vulnerability that lets attackers inject malicious scripts into websites. As a tangible example, it was the technique used in the 2018 British Airways breach, where hackers stole credit card details from 380,000+ customers. My friend John Kounelis put together an excellent video that breaks down the different types of XSS with real-world examples, showing how this threat could be exploited in bug bounty scenarios. If you’re into security or development, this one is worth a watch: https://lnkd.in/gTuF3SvG

Recently many #npm packages get hijacked (actually not only recent, it’s happened frequently but just many weren’t disclosed at all) by #hackers with various method. One of the common method is to inject malicious code into these npm and then it’s spread unconditionally like a wildfire to all application that using this npm. Boom 💥, jackpot to the hackers, bad news to #application and #security. It’s tedious to track manually as an application built with hundreds of npm packages at least. The good thing is this can be identified and prevented with automated tool, like a software composition analysis (#SCA) scanner. These scanners work by detecting open-source packages and dependencies within the application. Thereafter provide suggestions for fixing identified vulnerabilities, such as updating or replacing outdated libraries. https://lnkd.in/gmmqGBgH

🚨 Internet Archive Abused for Hosting Stealthy JScript Loader Malware | Read more: https://lnkd.in/dAuBhHUV 👉 A novel malware delivery chain in recent weeks that leverages the Internet Archive’s legitimate infrastructure to host obfuscated payloads. The attack begins with a seemingly innocuous JScript file delivered via malspam, which in turn invokes a PowerShell loader. 👉 This PowerShell script reaches out to the Internet Archive (archive.org) to retrieve a benign-looking PNG image that, upon closer inspection, houses a hidden .NET loader encoded within its pixel data. #cybersecuritynews

This shows just how important it is to be vigilant and question everything! This article shows how even the most trusted platforms can be abused. Attackers managed to hide malware inside an image hosted on the Internet Archive, a site many of us think of as safe and reliable. What looked like a normal picture was actually used to deliver malicious code and give criminals remote access. The nature of this type of attack, is that logs will show normal web traffic to a trusted site, nothing suspicious to flag up! It’s a stark reminder that trust alone isn’t protection. Cyber criminals are creative, and they’ll use familiar tools and platforms in ways we don’t expect. #cybersecurity #trust #vigilance #malware #payload

🚨The npm ecosystem just suffered one of the most serious supply-chain attacks to date. What happened: Attackers hijacked a trusted maintainer’s account and injected malware into widely used npm packages. Impact: These packages see 2.6 billion weekly downloads. The payload executed in users’ browsers, silently rewriting payment destinations and approvals to attacker-controlled accounts, all while keeping the interface looking normal. How to mitigate: Update dependencies: upgrade to safe versions and pin where possible Rebuild clean: clear caches and pull only from trusted sources Audit behavior: look for suspicious install scripts, network activity, or obfuscated code Monitor runtime: detect if malicious code actually executes in your environment Why this matters: Traditional scanning tools flag files, but they can’t always tell you what’s truly dangerous. At Sweet, we focus on what actually runs at runtime, so you can cut through the noise, see what’s really at risk, and respond before damage is done. Read more here: https://hubs.li/Q03Hpvql0 #SupplyChainAttack #SweetSecurity #cloudsecurity #RuntimeCNAPP #phishing

Sharing in case you missed it: our CTO Tomer Filiba wrote a great breakdown on a new kind of supply chain attack that recently hit the npm ecosystem. If you haven’t had the chance to read it yet, now’s a great time to catch up 👇

🚨 Supply Chain Attack Hijacks ctrl/tinycolor With 2M+ Downloads and Other 40 NPM Packages | Read more: https://lnkd.in/gSaAEXGx A sophisticated and widespread supply chain attack has struck the NPM ecosystem, compromising the popular ctrl/tinycolor package, which is downloaded over 2 million times per week. The attack also affected more than 40 other packages from various maintainers, introducing a dangerous self-propagating malware designed to steal developer credentials and spread itself across the software landscape. The malicious versions, identified as 4.1.1 and 4.1.2 of @ctrl/tinycolor, were quickly removed from the NPM registry, but not before they were distributed. #cybersecuritynews