🇸🇦 Saudi Cyber Daily Digest

Wing FTP Server Wing FTP Server — CVE-2025-47813 Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie. Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-…

<strong>GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos</strong> GlassWorm malware campaign exploits stolen GitHub tokens to inject malicious code into hundreds of Python repositories. The attack targets various Python projects including Django…

<strong>⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents &amp; More</strong> Weekly security roundup covering multiple critical incidents including Chrome zero-day vulnerabilities, router botnet activities, AWS security breaches, and emerging threats fr…

<strong>Why Security Validation Is Becoming Agentic</strong> Analysis of the evolution of security validation approaches in complex organizations, discussing the shift toward agentic security validation systems. The article examines current validation stacks including BAS tools,…

<strong>Attackers Abuse LiveChat to Phish Credit Card, Personal Data</strong> Cybercriminals are conducting social engineering attacks by impersonating PayPal and Amazon customer support through LiveChat platforms. The campaign targets users to steal credit card information and …

<strong>GlassWorm Malware Evolves to Hide in Dependencies</strong> Malicious GlassWorm extensions have infiltrated the Open VSX marketplace, posing a significant supply chain threat to software developers. The evolved malware hides within code dependencies, potentially compromis…

<strong>Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026</strong> Former Paris 2024 Olympics CISO Franz Regul shares critical cybersecurity insights from protecting one of the world's largest sporting events. The experience highlights unique challenges…

<strong>Hacked sites deliver Vidar infostealer to Windows users</strong> Compromised WordPress sites are hosting fake CAPTCHA verification pages that deceive Windows users into downloading and executing the Vidar information-stealing malware. This social engineering attack explo…

<strong>Zombie ZIP method can fool antivirus during the first scan</strong> Security researchers disclosed the Zombie ZIP technique that can evade initial antivirus detection by exploiting how AV engines scan compressed files. This method allows malicious payloads to bypass firs…

<strong>2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025</strong> Recorded Future's 2025 report analyzes hundreds of millions of compromised credentials, revealing infostealer malware evolution and targeted systems. The research p…

<strong>Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape</strong> Mandiant analyzes the evolution of ransomware tactics since 2018 when threat actors shifted to post-compromise ransomware deployments. The report examines how ransomwar…