Security researchers report active exploitation of a critical authentication bypass vulnerability (CVE-2025-2825) in CrushFTP, affecting versions up to 11.3.0. Approximately 1,512 unpatched instances exist globally, primarily in North America. Exploits allow unauthenticated remote access, risking system compromise. Users are advised to upgrade to version 11.3.1 or 10.8.4+ and apply recommended mitigations immediately.

M&S issues update as crippling nationwide IT outage still ongoing – The Sun
Marks & Spencer (M&S) halted online orders in the UK and Ireland following a cyber attack, leading to a 5% drop in share price. Physical