Heads up—there’s a zero-day in CrushFTP that’s being actively exploited. If you’re not using their DMZ proxy setup, attackers can remotely grab admin access via HTTPS. Versions before 10.8.5 and 11.3.4_23 are affected.
Already being used in the wild since mid-July. Patch ASAP and check your logs!
Comments
biglyburrito•1h ago
If you're going to post about a zero-day, don't post without a link to a source where details are available.
biglyburrito•1h ago