Bleeping Computer

CrushFTP warns users to patch exploited zero-day “immediately”

Update April 22, 16:31 EDT: This CrushFTP VFS sandbox escape vulnerability is now tracked as CVE-2024-4040. CrushFTP warned customers today in a private memo of an actively exploited zero-day ...
Bleeping Computer

Over 1,000 CrushFTP servers exposed to ongoing hijack attacks

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. The security vulnerability ...
Infosecurity-magazine.com

CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

CrushFTP customers have been warned to patch an actively exploited vulnerability that allows attackers to download system files. In an advisory dated April 19, 2024, the file transfer company said ...
Dark Reading

Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

Virtual file transfer system provider CrushFTP and various security researchers are sounding the alarm about a sandbox escape flaw in the CrushFTP server that attackers already have exploited as a ...
ITWire

How an unauthenticated CrushFTP Zero-Day enabled complete server compromise

GUEST OPINION: In April, managed file transfer vendor CrushFTP released information to a private mailing list on a new zero-day vulnerability affecting versions below 10.7.1 and 11.1.0 (as well as ...