CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain...
Vous n'êtes pas connecté
Rubriques :
- SECURITYAFFAIRS.CO - A La Une - Hier 10:31
CrushFTP zero-day actively exploited at least since July 18
Hackers exploit CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. CrushFTP warned of a zero-day that has […]
Articles similaires
New CrushFTP zero-day exploited in attacks to hijack servers
bleepingcomputer.com - 18/Jul 22:24
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain...
Wing FTP Server flaw actively exploited shortly after technical details were made public
securityaffairs.co - 13/Jul 15:50
Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30. Threat...
SharePoint zero-day CVE-2025-53770 actively exploited in the wild
securityaffairs.co - 21/Jul 07:27
Microsoft warns of ongoing active exploitation of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770. Microsoft warns of a SharePoint...
SharePoint zero-day CVE-2025-53770 actively exploited in the wild
securityaffairs.co - 21/Jul 07:27
Microsoft warns of ongoing active exploitation of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770. Microsoft warns of a SharePoint...
CVE-2025-54309 – Critical Authentication Bypass in CrushFTP
thecyberthrone.in - 02:31
Overview CVE-2025-54309 is a critical security vulnerability in the CrushFTP Managed File Transfer Server, allowing unauthenticated remote attackers...
CVE-2025-54309 – Critical Authentication Bypass in CrushFTP
thecyberthrone.in - 02:31
Overview CVE-2025-54309 is a critical security vulnerability in the CrushFTP Managed File Transfer Server, allowing unauthenticated remote attackers...
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
bleepingcomputer.com - 20/Jul 15:40
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no...
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
bleepingcomputer.com - 20/Jul 15:40
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no...
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release
securityaffairs.co - 19/Jul 16:25
Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems. Hackers began exploiting a critical...
Les derniers communiqués
-
Power Metallic Demonstrates Positive Initial Mineralogy Results - PGE Enrichment Associated with Chalcopyrite and Cubanite
Power Metallic Mines Inc - 23/07/2025
-
Coca-Cola is releasing a Trump-approved new version of its soda
The Coca Cola Company - 22/07/2025
-
Argonne National Laboratory Celebrates Aurora Exascale Computer
Intel - 19/07/2025
-
Meta to invest hundreds of billions in superintelligence efforts
Meta - 16/07/2025
-
NASA discovers 'super Earth' planet emitting mysterious signal
National Aeronautics and Space Administration - 16/07/2025
-
Amazon Prime Day 2025 Delivers Record Sales and Savings in Expanded Four-Day Shopping Event
AMAZON - 12/07/2025
-
DHS Reveals Criminal Histories of Illegal Aliens Detained at Prairieland Detention Center at Time of July 4 Attack
The Department of homeland security - 11/07/2025
-
Henson Group and myCloudDoor Merge to Form ALIANDO, a Leading, Global Microsoft Partner
Henson Group - 10/07/2025
-
Their ability to enter and operate in the United States emphasized the danger of letting violent offenders exploit our border—and reinforces why the Trump Administration refuses to let its guard down. HSI Omaha led the operation with support from federal and international law enforcement partners. ICE currently holds both individuals in custody. The agency has initiated removal proceedings and will continue coordinating with El Salvadoran authorities to send them back to face justice.
The Department of homeland security - 10/07/2025
-
Their ability to enter and operate in the United States emphasized the danger of letting violent offenders exploit our border—and reinforces why the Trump Administration refuses to let its guard down. HSI Omaha led the operation with support from federal and international law enforcement partners. ICE currently holds both individuals in custody. The agency has initiated removal proceedings and will continue coordinating with El Salvadoran authorities to send them back to face justice.
The Department of homeland security - 10/07/2025