Urgent Update: Zero-Day Flaw in CrushFTP Software Exposes U.S. Entities to Cyber Attacks
April 20, 2024
A severe zero-day vulnerability found in CrushFTP software enables unauthorized system file downloads.
CrowdStrike reported that the vulnerability is being exploited in targeted attacks, primarily against U.S. entities, with potential political motives.
The vulnerability has been addressed in CrushFTP version 11.1.0, and users are strongly advised to update immediately.
No CVE has been assigned to the vulnerability at this time, increasing concerns about CrushFTP's security posture.
Users should monitor the vendor's website for updates and prioritize applying the patch to prevent exploitation.
Summary based on 2 sources
Sources

The Hacker News • Apr 20, 2024
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks
Security Affairs • Apr 20, 2024
Critical CrushFTP zero-day exploited in attacks in the wild