Security News > 2024 > April > Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
2024-04-20 05:18
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
News URL
https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html
Related news
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)