Over 1,400 CrushFTP servers vulnerable to actively exploited bug
April 25, 2024 at 12:50PM “Over 1,400 vulnerable CrushFTP servers exposed online are currently targeted by attacks exploiting a critical SSTI vulnerability (CVE-2024-4040), allowing unauthenticated attackers to gain remote code execution. The severity of the flaw was confirmed by Rapid7, with 1,401 unpatched instances discovered. Active exploitation of the zero-day was reported, prompting urgent patching … Read more