CrushFTP Archives

Malware & Threats

Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities

The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.

Ryan NaraineApril 14, 2025

Malware & Threats

Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks

Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.

Eduard KovacsApril 8, 2025

Vulnerabilities

Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy

Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.

Eduard KovacsApril 3, 2025

Vulnerabilities

CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161.

Eduard KovacsApril 1, 2025

Malware & Threats

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.

Ionut ArghireApril 26, 2024

Vulnerabilities

CrushFTP Patches Exploited Zero-Day Vulnerability

CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.

Ionut ArghireApril 22, 2024

SECURITYWEEK NETWORK:

ICS:

All posts tagged "CrushFTP"

Malware & Threats

Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities

Malware & Threats

Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks

Vulnerabilities

Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy

Vulnerabilities

CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

Malware & Threats

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day

Vulnerabilities

CrushFTP Patches Exploited Zero-Day Vulnerability

Featured

Artificial Intelligence

Grok-4 Falls to a Jailbreak Two Days After Its Release

Mobile & Wireless

July 2025 Breaks a Decade of Monthly Android Patches

Mobile & Wireless

eSIM Hack Allows for Cloning, Spying

IoT Security

Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack

Data Breaches

Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack

Nation-State

Alleged Chinese State Hacker Wanted by US Arrested in Italy

Artificial Intelligence

The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore

Latest News

Malware & Threats

In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs

Cybersecurity Funding

Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent

Artificial Intelligence

EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules

Data Breaches

McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

Vulnerabilities

Critical Wing FTP Server Vulnerability Exploited

Privacy & Compliance

TikTok Faces Fresh European Privacy Investigation Over China Data Transfers

Mobile & Wireless

July 2025 Breaks a Decade of Monthly Android Patches

Daily Briefing Newsletter