Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data theft looks most likely. According to the Shadowserver Foundation, there are currently around 1,040 exposed and unpatched CrushFTP instances vulnerable to CVE-2025-54309, predominantly located in the US, Europe, and Canada. How many have been compromised since the attacks began is difficult … More →
The post Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) appeared first on Help Net Security.
More popular npm packages hijacked to spread malware – TechRadar
More popular npm packages hijacked to spread malware TechRadar
