CERT-EU - CrushFTP zero-day exploited in the wild

Threat actors are exploiting a zero-day vulnerability in CrushFTP versions prior to v10.8.5 and v11.3.4_23, allowing administrative access via the web interface. The attack vector is HTTP(S) and may have begun on July 17th. Affected users should check for signs of compromise and restore their default user from a backup.