Hacking

Following the Confirmation of Ongoing Exploitation, CISA includes CrushFTP Vulnerability in KEV Directory

AndyC 9 April 2025

U.S.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included a recently uncovered severe security weakness affecting CrushFTP in its Known Exploited Vulnerabilities (KEV) directory, as reports surfaced about the ongoing exploitation in the real world.
The flaw enables an unauthorized attacker to potentially assume control of vulnerable instances, as it involves an authentication bypass.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: added, been, critical, CrushFTP, Cybersecurity, disclosed, flaw, impacting, recently, Security

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

AndyC 18 December 2025

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

AndyC 18 December 2025

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

AndyC 18 December 2025

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

AndyC 18 December 2025

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

AndyC 18 December 2025

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

AndyC 18 December 2025

ESET Threat Report H2 2025

ESET Threat Report H2 2025

AndyC 17 December 2025

ESET Research A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research...

Read More

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 • ...

Read More

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 • ...

Read More

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 • ...

Read More

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 • ...

Read More

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 • ...

Read More

Smashing Security podcast #448: The Kindle that got pwned

Smashing Security podcast #448: The Kindle that got pwned

AndyC 18 December 2025

What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Private Certificate Authority 101: From Setup to Management

AndyC 18 December 2025

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

AndyC 18 December 2025

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

AndyC 18 December 2025

Microsoft warns MSMQ may fail after update, breaking apps

LLM10: Unbounded Consumption – FireTail Blog

AndyC 18 December 2025