📋 Top Headlines at a Glance

1. Traefik Triple Gate gains parallel safety pipelines, failover routing, and AI runtime controls
2. CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
3. China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
4. Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison
5. U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog

   Executive Summary: Today's intelligence highlights a critical and actively exploited information disclosure vulnerability in Wing FTP added to CISA's KEV catalog, demanding immediate patching. Concurrently, new advancements in AI workflow security and API gateway controls are emerging to address evolving threats. The landscape is further complicated by long-term, sophisticated cyber espionage campaigns targeting military organizations in Southeast Asia and persistent, high-profile social engineering scams, underscoring the diverse and relentless nature of current cyber threats.

🌍 Technical Intelligence Breakdown

🚀 Traefik Triple Gate gains parallel safety pipelines, failover routing, and AI runtime controls

Traefik Labs has introduced significant enhancements to its Triple Gate architecture, which integrates API Gateway, AI Gateway, and MCP Gateway functionalities. These updates are designed to bolster runtime governance across the entire AI workflow.

Key capabilities include:

• Composability: A multi-vendor safety pipeline allowing parallel guard execution.
• Resilience: Multi-provider failover routing for enhanced availability.
• Cost Control: Token-level cost management for AI operations.
• Error Handling: Graceful error handling with agent-aware enforcement.
• Integration: Direct integration with IBM Granite Guardian.
• Customization: A new Regex Guard feature for creating custom security policies.

These advancements aim to address critical gaps in securing enterprise AI deployments, providing deeper control and resilience against emerging threats in AI-driven environments.

🚨 CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding an actively exploited vulnerability in Wing FTP, adding it to its Known Exploited Vulnerabilities (KEV) catalog.

Key details:

• Vulnerability ID: CVE-2025-47813
• Severity: Medium (CVSS score: 4.3)
• Type: Information disclosure vulnerability.
• Impact: Leaks the installation path of the application under specific conditions.
• Status: Actively exploited in the wild.

Organizations utilizing Wing FTP are strongly advised to consult vendor advisories and apply available patches immediately to mitigate the risk of exploitation.

🕵️ China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years

Researchers have uncovered an extensive cyberespionage campaign attributed to an Unknown threat actor, active for years within military organizations across Southeast Asia.

Key characteristics of the campaign:

• Objective: Long-term cyberespionage.
• Targets: Military organizations in Southeast Asia.
• Tactics: Utilized novel backdoors to establish and maintain persistent access.
• Evasion: Employed familiar evasion techniques to remain undetected for extended periods.

This campaign highlights the persistent and sophisticated nature of nation-state-backed cyber operations, emphasizing the need for robust detection and response capabilities against advanced persistent threats. Dataset provides limited detail on specific tools or TTPs beyond "novel backdoors" and "familiar evasion techniques," focusing on the duration and target sector.

🎣 Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison

An alleged social engineering scheme has come to light, reportedly orchestrated by Kwamaine Jerell Ford from within a federal prison. The scam targeted high-profile individuals, specifically athletes.

Key aspects of the scheme:

• Method: Impersonation of an adult film star.
• Technique: Phishing and social engineering.
• Objective: Tricking victims into divulging sensitive credentials.
• Compromised Data: iCloud credentials and MFA codes.
• Targets: High-profile athletes.

This incident underscores the ongoing threat of social engineering, even from unexpected origins, and the critical importance of user education and strong multi-factor authentication practices to protect sensitive accounts.

🚨 U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a vulnerability in Wing FTP Server to its Known Exploited Vulnerabilities (KEV) catalog. This reiterates the active exploitation of the flaw.

Key information:

• Vulnerability ID: CVE-2025-47813
• Severity: CVSS score of 4.3 (Information Disclosure).
• Product: Wing FTP Server.
• Action: CISA's inclusion in the KEV catalog mandates federal civilian executive branch agencies to remediate the vulnerability within specified timelines due to its confirmed active exploitation.

Organizations should prioritize patching Wing FTP Server instances to prevent information disclosure and potential further compromise.

📉 Threat Landscape & Trends

• Active Exploitation of Known Vulnerabilities: CISA's repeated flagging of CVE-2025-47813 in Wing FTP underscores the immediate risk posed by actively exploited flaws and the necessity of timely patching.
• Persistent Cyber Espionage: Nation-state-aligned actors continue to conduct long-term, stealthy cyberespionage campaigns against strategic targets, leveraging novel and established techniques for persistent access.
• Evolving AI Security: The introduction of advanced AI workflow governance, parallel safety pipelines, and custom guard capabilities highlights the growing focus on securing AI systems and their integrations.
• Ubiquitous Social Engineering: Phishing and impersonation tactics remain highly effective, capable of compromising high-value targets and bypassing even MFA when users are socially engineered.

📌 Strategic Takeaway

Organizations must prioritize immediate patching of CISA-flagged vulnerabilities, implement robust threat intelligence to detect sophisticated espionage, and proactively integrate security controls into emerging AI workflows. Furthermore, continuous user education on social engineering tactics and strict adherence to multi-factor authentication are paramount to defending against persistent human-centric attacks.

---

🔗 References

1. Traefik Triple Gate gains parallel safety pipelines, failover routing, and AI runtime controls
2. CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
3. China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
4. Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison
5. U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog