Security researchers report active exploitation of a critical authentication bypass vulnerability (CVE-2025-2825) in CrushFTP that affects versions up to 11.3.0. Approximately 1,512 unpatched instances exist globally, primarily in North America. Exploitation allows unauthenticated remote access, risking system compromise. Users are advised to upgrade to version 11.3.1 or 10.8.4+ and apply recommended mitigations immediately.

HHS layoffs could imperil medical device cybersecurity, Democrats say
Democrats and witnesses at a House hearing have warned that layoffs at the Department of Health and Human Services (HHS) could jeopardise oversight of medical