A critical vulnerability (CVE-2025-2825) in CrushFTP allows attackers to bypass authentication, affecting versions 10.0.0 to 10.8.3 and 11.0.0 to 11.3.0. With a CVSS score of 9.8, this flaw permits unauthorized access via a parameter misuse in the API. CrushFTP has released version 11.3.1 with fixes. Users are urged to upgrade immediately.
Only 1% of malicious emails that reach inboxes deliver malware
In 2024, 99% of email threats to corporations were found to be social engineering or phishing attacks, as per Fortra. Most pre-delivery email defenses struggle
