CrushFTP zero-day alert – patch now

3 points by oceanstack 9 hours ago

Heads up—there’s a zero-day in CrushFTP that’s being actively exploited. If you’re not using their DMZ proxy setup, attackers can remotely grab admin access via HTTPS. Versions before 10.8.5 and 11.3.4_23 are affected.

Already being used in the wild since mid-July. Patch ASAP and check your logs!

biglyburrito 7 hours ago

If you're going to post about a zero-day, don't post without a link to a source where details are available.

  • sejje 4 hours ago

    Disagree. I mean that's nice, but now that I know about the zero day, I can find the link to a source myself in about 10 seconds.