Hackers are exploiting critical RCE flaw in Wing FTP Server
Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. [...]
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
Hackers have started to exploit a critical remote code execution vulnerability in Wing FTP Server just one day after technical details on the flaw became public. [...]
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications
Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. [...]
Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP Server on July 1, just one day after its public disclosure.…
Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. [...]
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild
Also, US Sanctions North Korean IT Worker Scammers and More Paraguay HacksThis week, McDonald's password mishap, North Korean IT worker sanctions, a wormable Microsoft flaw, Qantas update. Monzo fined, Flutter data breach and CyberTeam again targeted Paraguay. Anatsa Trojan reappeared, DoNot targeted a European ministry. Academics sneaked prompt injections into papers.
Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda. [...]
Boffins outsmart smart contracts with evil automation Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one.…
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration
Always Secure MCP Servers Connecting LLMs to External Systems, Experts WarnWarning: Popular technology designed to make it easy for artificial intelligence tools to connect with external applications and data sources can be turned to malicious use. Researchers discovered two separate vulnerabilities tied to tools in the ecosystem around model context protocol, or MCP.
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.
Multiple vulnerabilities that remain unpatched in Ruckus Wireless management products could be exploited to fully compromise the network environment they serve. [...]
A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. [...]
CVE-2025-47981 has the “unfortunate hallmarks of becoming a significant problem,” said WatchTowr’s CEO
For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.