Over 1,000 CrushFTP Servers Exposed to Ongoing Hijack Attacks

More than 1,000 instances of CrushFTP servers are currently exposed online and vulnerable to hijacking attacks exploiting a critical security bug. This vulnerability allows attackers to gain unauthorized administrative access to the web interface, potentially leading to full server compromise. The impacts include the possibility for attackers to take complete control of compromised servers. CrushFTP is a widely used file transfer solution, and this vulnerability poses a significant risk to organizations relying on it for secure file transfers. Immediate action is required for organizations using CrushFTP to verify if their instances are exposed and to apply any available patches or mitigations. Continuous monitoring for unusual administrative access or file transfer activities is critical to mitigating the risk. This vulnerability highlights the ongoing challenges in the cybersecurity landscape and the need for proactive security measures and rapid response to emerging threats.