CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild

A critical zero-day flaw in CrushFTP that can grant attackers administrator access was discovered on July 18 and is under active exploitation.

Background

On July 18, CrushFTP published an update to its CrushWiki detailing the discovery and exploitation of a zero-day in its CrushFTP software:

| CVE | Description | CVSSv3 |
| --- | --- | --- |
| CVE-2025-54309 | CrushFTP Unprotected Alternate Channel Vulnerability | 9.0 |

Tenable’s Research Special Operations (RSO) team is monitoring for any further developments surrounding CVE-2025...
