Security News > 2024 > April > Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
2024-04-20 05:18
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
News URL
https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html
Related news
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)