CISA confirms exploitation of maximum-severity Wing FTP flaw.

Summary

By the CyberWire staff

At a glance.

CISA confirms exploitation of maximum-severity Wing FTP flaw.
Google patches actively exploited Chrome flaw.
Europol disrupts Romanian ransomware gang.

CISA confirms exploitation of maximum-severity Wing FTP flaw.

CISA has added a critical vulnerability (CVE-2025-47812) affecting Wing FTP Server to its Known Exploited Vulnerabilities (KEV) Catalog, ordering Federal civilian agencies to patch the flaw by August 4th. The vulnerability, which was assigned a CVSS score of 10, can allow attackers to inject arbitrary Lua code into user session files with the privileges of the FTP service, which are root or SYSTEM by default. The vulnerability's CVE record describes it as "a remote code execution vulnerability that guarantees a total server compromise."

Researchers at Huntress observed exploitation against a customer on July 1st, one day after an initial write-up was published.

Are You Future Ready? Secure Your Machine Future With Confidence.

CyberArk is the leader behind the world’s most comprehensive machine identity security solution. With capabilities that span secrets, certificate management and workload identities, we enable customers to secure more machine identity use cases with the right level of privilege control. Find out exactly how we’re helping modern organizations secure their machine future.

Google patches actively exploited Chrome flaw.

Google has fixed a high-severity Chrome vulnerability (CVE-2025-6558) that's being exploited in the wild, BleepingComputer reports. The vulnerability results from "insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157," and can allow an attacker to perform a sandbox escape via a crafted HTML page. Google is not disclosing details of the flaw until a majority of users have applied the fix.

What do you care about when it comes to cyber?

Power our progress at N2K Networks. Complete our annual audience survey to help us shape smarter content, actionable insights, and more of what you care about. Take the survey.

Europol disrupts Romanian ransomware gang.

A law enforcement operation coordinated by Europol has disrupted a Romanian ransomware gang known as "Diskstation," BleepingComputer reports. The gang has been targeting Synology Network-Attached Storage (NAS) devices since at least 2021. The Italian State Police, collaborating with law enforcement in France and Romania, traced ransom payments and identified several suspects in Bucharest. The alleged ringleader of the group, a 44-year-old Romanian citizen, is in detention as he awaits trial. This individual is accused of leading ransomware attacks against numerous Italian organizations.

Notes.

Today's issue includes events affecting France, Italy, Romania, and the United States.

Attacks, Threats, and Vulnerabilities

Louis Vuitton says customers in Turkey, South Korea and UK impacted by data breaches (The Record) A statement from Louis Vuitton South Korea said the breach involved names, contact information and other data provided by customers. No financial information was included in the breach.

Next Gen TTPs in the Threat Actor's Playbook (Cofense) Cofense Intelligence tracks advanced Tactics, Techniques, and Procedures (TTPs) in credential phishing and malware reporting. These tracked advanced TTPs consist of individual techniques such as

Retailer Co-op: Attackers snatched all 6.5M member records (The Register) Supermarket announces white hat education scheme as four suspects released on bail

NSA: Volt Typhoon was ‘not successful’ at persisting in critical infrastructure (The Record) “The good news" is that China's Volt Typhoon hacking campaign "really failed," an NSA official said at a cyber conference in New York. An FBI official also described an incident of "true cyberwarfare" with the Flax Typhoon group.

Products, Services, and Solutions

BioCatch posts record Q2, surpassing $160 million in ARR (PR Newswire UK) /PRNewswire/ -- BioCatch, which prevents financial crime by recognizing patterns in human behavior, posted its best second quarter in company history in Q2 of...

Trustwave Launches Managed Phishing for Microsoft Service to Strengthen Microsoft 365 Email Security (Trustwave) Chicago – July 14, 2025 – Trustwave today announced the launch of Managed Phishing for Microsoft service to strengthen Microsoft 365 email security.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

International Space Station Research and Development Conference (Seattle, Washington, USA, Jul 28 - 31, 2025) At ISSRDC, learn how to harness the International Space Station (ISS) and the unique conditions of space to help solve your most pressing research and development (R&D) challenges.

DEF CON 33 (Las Vegas, Nevada, USA, Aug 7 - 10, 2025) DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.

39th Annual Small Satellite Conference (Salt Lake City, Utah, USA, Aug 11 - 13, 2025) During the 39th Annual Small Satellite Conference, we will delve into the innovations, demands, and cross-market collaborations shaping the future of satellite capabilities and driving new opportunities allowing us to collectively reach new horizons.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 07.16.25

At a glance.

CISA confirms exploitation of maximum-severity Wing FTP flaw.

Google patches actively exploited Chrome flaw.

Europol disrupts Romanian ransomware gang.

Notes.

Attacks, Threats, and Vulnerabilities

Products, Services, and Solutions

Events