Zero-Day in CentreStack File Sharing Platform Under Attack
Gladinet's platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
Gladinet's platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.
Tech Giant Says Threat Actors Are Exploiting a Flaw in Widely-Targeted Windows ToolRansomware threat actors are exploiting a zero-day vulnerability discovered in a highly targeted Windows logging system tool in a campaign in part targeting U.S. IT and real estate sectors, Microsoft confirmed in a Tuesday blog post urging customers to apply available patches.
Hackers exploited a vulnerability in Gladinet CentreStack's secure file-sharing software as a zero-day since March to breach storage servers [...]
Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems. [...]
Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. [...]
Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. [...]