Summary: A critical vulnerability in FileZen, a widely used file transfer solution from Japan’s Soliton Systems, allows authenticated attackers to run arbitrary operating system commands. This flaw is being targeted in specific regional espionage campaigns aiming to exfiltrate corporate intellectual property.
Business Impact: High Supply Chain Risk for APAC-linked firms. FileZen is often used to share sensitive data with Japanese partners. A compromise allows attackers to use the transfer hub as a pivot point to infect all files being exchanged with external clients.
Why It Happened: Inadequate input sanitization within the application’s file processing logic allowed for OS command injection via specially crafted file names or metadata.
Recommended Executive Action: If FileZen is in your environment, apply the security update from Soliton immediately. Audit all recent file transfer logs for anomalous activity and ensure that any shared file storage is isolated from core production systems.
Hashtags: #FileZen #SupplyChain #CommandInjection #APACSecurity #DataTransfer #Infosec