file-sharing

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)

0-day, CISA, Don't miss, enterprise, file-sharing, Gladinet, Hot stuff, MSP, News /

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) 2025-04-09 at 13:43 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged […]

React to this headline:

Loading spinner

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) Read More »

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP, Don't miss, enterprise, file-sharing, Hot stuff, News, security update, SMBs, vulnerability /

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) 2025-03-27 at 13:14 By Zeljka Zorz CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day

React to this headline:

Loading spinner

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) Read More »

Cleo patches zero-day exploited by ransomware gang

Cleo, enterprise, file-sharing, Huntress, News, Ransomware, Rapid7, Sophos /

Cleo patches zero-day exploited by ransomware gang 2024-12-12 at 18:34 By Zeljka Zorz Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom instances. Version 5.8.0.24 of the three products, which was pushed out on Wednesday, plugs the

React to this headline:

Loading spinner

Cleo patches zero-day exploited by ransomware gang Read More »

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)

Cleo, CVE, Don't miss, file-sharing, Hot stuff, Huntress, News, vulnerability /

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623) 2024-12-10 at 15:35 By Zeljka Zorz Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday. “We’ve discovered at least 10 businesses whose Cleo servers were

React to this headline:

Loading spinner

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623) Read More »

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

credentials, Don't miss, Dynatrace, enterprise, file-sharing, Fortra, Hot stuff, News, SQL injection, Tenable, vulnerability /

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) 2024-08-28 at 12:02 By Zeljka Zorz Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For

React to this headline:

Loading spinner

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) Read More »

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

CVE, Don't miss, exploit, file-sharing, Fortra, Hot stuff, MFT, News, PoC, SQL injection, Tenable, vulnerability /

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) 2024-06-27 at 12:31 By Zeljka Zorz A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) Read More »

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)

Don't miss, enterprise, file-sharing, Hot stuff, MFT, News, PoC, Progress, security update, WatchTowr /

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) 2024-06-25 at 21:16 By Zeljka Zorz Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately instructing users to implement the hotfixes before

React to this headline:

Loading spinner

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) Read More »

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

CVE, Don't miss, enterprise, file-sharing, Hot stuff, News, SolarWinds, vulnerability /

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) 2024-06-07 at 20:01 By Zeljka Zorz SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-28995 Serv-U MFT Server is a widely used enterprise solution that

React to this headline:

Loading spinner

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Don't miss, enterprise, file-sharing, Fortra, Horizon3.ai, Hot stuff, News, PoC, Shodan, SMBs, Tenable, vulnerability /

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

React to this headline:

Loading spinner

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Assetnote, Don't miss, file-sharing, Hot stuff, News, Progress, Rapid7, security update, vulnerability /

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) 02/10/2023 at 14:17 By Helga Labus Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers

React to this headline:

Loading spinner

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) Read More »

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

Citrix, Citrix ShareFile, Don't miss, enterprise, file-sharing, Hot stuff, News, PoC, security update, vulnerability /

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) 17/08/2023 at 14:16 By Zeljka Zorz CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA)

React to this headline:

Loading spinner

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) Read More »

Has the MOVEit hack paid off for Cl0p?

Coveware, cybercrime, data theft, Don't miss, Emsisoft, enterprise, extortion, file-sharing, hack, Hot stuff, KonBriefing Research, News /

Has the MOVEit hack paid off for Cl0p? 24/07/2023 at 17:18 By Zeljka Zorz The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. The cyber extortion group has lately switched to setting up company-specific leak

React to this headline:

Loading spinner

Has the MOVEit hack paid off for Cl0p? Read More »

MOVEit compromise affects pension systems, insurers

data breach, data theft, Don't miss, file-sharing, Hot stuff, News, third party compromise /

MOVEit compromise affects pension systems, insurers 26/06/2023 at 14:32 By Helga Labus The compromise of PBI Research and The Berwyn Group’s MOVEit installation has resulted in the theft of data belonging to several pension systems and insurance companies – and millions of their users. PBI + Berwyn Group – a population management provider – was

React to this headline:

Loading spinner

MOVEit compromise affects pension systems, insurers Read More »

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)

Data leak, Don't miss, extortion, file-sharing, Hot stuff, News, Progress, USA, vulnerability, WithSecure /

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) 19/06/2023 at 15:09 By Zeljka Zorz Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to

React to this headline:

Loading spinner

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) Read More »

Cl0p announces rules for extortion negotiation after MOVEit hack

Censys, Don't miss, extortion, file-sharing, Hot stuff, Huntress, News, Progress, vulnerability /

Cl0p announces rules for extortion negotiation after MOVEit hack 08/06/2023 at 14:03 By Zeljka Zorz The Cl0p cyber extortion crew says that the many organizations whose data they have pilfered by exploiting a vulnerability in the MOVEit Transfer solution have until June 14 to get in contact with them – or they will post their

React to this headline:

Loading spinner

Cl0p announces rules for extortion negotiation after MOVEit hack Read More »

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)

0-day, data theft, Don't miss, enterprise, extortion, file-sharing, Hot stuff, Mandiant, News, Rapid7, vulnerability /

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) 05/06/2023 at 15:10 By Zeljka Zorz The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many

React to this headline:

Loading spinner

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) Read More »

MOVEit Transfer zero-day attacks: The latest info

0-day, attack, data theft, Don't miss, enterprise, file-sharing, Hot stuff, Huntress, News, Progress, Rapid7, TrustedSec, vulnerability /

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

0-day, attack, Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, threat, vulnerability /

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Scroll to Top