• Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
• WP Ultimate CSV Importer Flaws Expose 20,000 Websites to Attacks
• New Phishing Attack Combines Vishing and DLL Sideloading Techniques
• Building a reasonable cyber defense program
• Google to Switch on E2EE for All Gmail Users
• Attackers are probing Palo Alto Networks GlobalProtect portals
• Cybercriminals Expand Use of Lookalike Domains in Email Attacks
• Cyber Security and Resilience Bill Will Apply to 1000 UK Firms
• Why global tensions are a cybersecurity problem for every business
• How to build an effective cybersecurity simulation
• The human side of insider threats: People, pressure, and payback
• Generative AI Is reshaping financial fraud. Can security keep up?
• New Malware Variant RESURGE Exploits Ivanti Vulnerability
• ClickFake Interview Campaign by Lazarus Targets Crypto Job Seekers
• EU Commission to Invest €1.3bn in Cybersecurity and AI
• NCSC Urges Users to Patch Next.js Flaw Immediately
• US Seizes $8.2m from Romance Baiting Scammers
• Solar Power System Vulnerabilities Could Result in Blackouts

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can be done? CVE-2025-2825, affecting CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, is an authentication bypass vulnerability that may allow unauthenticated attackers to access CrushFTP servers through an exposed HTTP(S) port. The vulnerability was privately disclosed to CrushFTP customers via email on …