Mastodawn

It's not a Friday without an actively exploited zero-day vulnerability (with no CVE ID) in a file transfer product. cc: @todb

Bleeping Computer: CrushFTP warns users to patch exploited zero-day “immediately”
CrushFTP: CrushFTP: Update
Exploitation report: CrowdStrike on Reddit: SITUATIONAL AWARENESS // 2024-04-19 // CrushFTP Virtual Filesystem Escape Vulnerability in the Wild

#zeroday #eitw #activeexploitation #CrushFTP #vulnerability

CrushFTP warns users to patch exploited zero-day “immediately”

CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately.

BleepingComputer

CrushFTP warns users to patch exploited zero-day “immediately”

CVE Website