Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

2024-04-20 05:18
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
News URL
https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html