Risky Bulletin Newsletter
April 22, 2024
Risky Biz News: FTA hacking spree continues with CrushFTP zero-day
Presented by

News Editor
An unidentified threat actor is exploiting a zero-day vulnerability in CrushFTP, an enterprise file-transfer software solution.
CrushFTP released a patch on Friday, hours after it learned of the attacks from the Airbus CERT team. CrowdStrike also confirmed the zero-day later in the day and described the attacks as "targeted."
The zero-day was assigned CVE-2024-4040.