Forbes

Critical Zero-Day Exposes FTP Servers To Attack

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Some weeks start better than others. If you are a member of an ...
Bleeping Computer

Exploit for CrushFTP RCE chain released, patch now

Additional measures that can be implemented to enhance CrushFTP security further include: Using a limited privilege operating system service account for CrushFTP. Deploying Nginx or Apache as a ...
Linux Journal

Configuring and Using an FTP Proxy

Running a public FTP site securely can be difficult. Taking full advantage of the security features supported by your FTP server application of choice can be a chore, and even then there's a good ...
TechRadar

Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now

CrushFTP had a flaw that allowed admin access via HTTPS It was patched in early July 2025, but risks persist Around 1,000 servers running older versions at risk as attacks are spotted in the wild ...
heise online

CrushFTP: New CVE entry and details of attacked vulnerability

Attacks on a vulnerability in the CrushFTP data transfer software have been known on the Internet since last week. The initial vulnerability description remained extremely superficial and only ...
heise online

CrushFTP: Older versions can grant unauthorized admin access

Anyone using CrushFTP for data transfer should check that the version they are using is up to date. Last Friday, the development team discovered attacks in the wild on older versions, which in the ...