Bleeping Computer

CrushFTP warns users to patch exploited zero-day “immediately”

Update April 22, 16:31 EDT: This CrushFTP VFS sandbox escape vulnerability is now tracked as CVE-2024-4040. CrushFTP warned customers today in a private memo of an actively exploited zero-day ...
ITWire

How an unauthenticated CrushFTP Zero-Day enabled complete server compromise

GUEST OPINION: In April, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as ...
Bleeping Computer

Over 1,000 CrushFTP servers exposed to ongoing hijack attacks

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. The security vulnerability ...
Infosecurity-magazine.com

CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

CrushFTP customers have been warned to patch an actively exploited vulnerability that allows attackers to download system files. In an advisory dated April 19, 2024, the file transfer company said ...
Dark Reading

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

A critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion. On March 31, the Shadowserver Foundation reported that exploitation activity was ...