Security News > 2024 > April > Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
2024-04-20 05:18
Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
News URL
https://thehackernews.com/2024/04/critical-update-crushftp-zero-day-flaw.html
Related news
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- FortiManager critical vulnerability under active attack (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)