New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers

Threat Level

60% Cybersecurity News 16 hours ago Part of cluster #1265

A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. Tracked as CVE-2025-54309, the bug allows unauthenticated attackers to obtain full administrative control of vulnerable servers over HTTPS. CrushFTP says the issue was inadvertently resolved in builds […]...

Continue Reading on Original Site

Recommended Articles

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

BleepingComputer 8 hours ago

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack Lawrence Abrams July 19, 2025 01:41 PM 0 A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the ...

From Friction to Function: Optimising Onboarding in an Age of AML, AI and Rising Risk

Finextra Security 10 hours ago

From Friction to Function: Optimising Onboarding in an Age of AML, AI and Rising Risk Join this webinar, hosted in association with nCino, to the challenges of commercial onboarding, particularly in t...

Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication

Palo Alto Unit 42 5 days ago

Threat Research Center Threat Actor Groups Malware Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication By:Lior Rochberger Lior Rochberger Publi...

Popular npm linter packages hijacked via phishing to drop malware

BleepingComputer 13 hours ago

Popular npm linter packages hijacked via phishing to drop malware Ax Sharma July 19, 2025 08:51 AM 0 Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply ...

Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days

The Register Security 17 hours ago

Cyber-crime Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days Keep It Simple, Stupid InterviewScattered Spider and Iranian government-backed cyber u...

Threat Intelligence

Vulnerabilities 1

Zero-Day

Business Intelligence

Technical Indicators

CVEs 1

CVE-2025-54309

Information

Article ID: #3870
Published: 16 hours ago
Source: Cybersecurity News

Recommended Articles

Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack

From Friction to Function: Optimising Onboarding in an Age of AML, AI and Rising Risk

Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication

Popular npm linter packages hijacked via phishing to drop malware

Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days

Save to Folder

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies