[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fINiZRZLZ-q9D61e_v1TrQ8LwQcWdIf0bOc12vFajIR8":3},{"article":4,"iocs":47},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":31},"ebe4faf3-cace-4402-99f7-285a321efbb3","Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns","progress-prompts-sharefile-storage-zone-controller-shutdown-amid-security-concer-859e05","The company notified customers to manually shut down their servers while it is investigating a credible threat. The post Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns appeared first on SecurityWeek.","Progress Software has notified ShareFile customers to manually shut down their Storage Zone Controller servers while investigating a credible external security threat. The company has disabled access to ShareFile accounts using Storage Zone Controllers as a protective measure, though it reports no unauthorized account access or customer data compromise to date. Users speculate the threat may target two previously patched vulnerabilities (CVE-2026-2699 and CVE-2026-2701) that could enable remote code execution without authentication.","Progress Software prompts ShareFile customers to shut down Storage Zone Controllers due to credible security threat.","Enterprise software giant Progress Software on Friday prompted ShareFile customers to shut down Storage Zone Controller servers amid security concerns. A Storage Zone Controller provides ShareFile customers with private data storage, either on-premises or on a third-party storage system, that is protected with an application-specific password and is self-managed. On Friday, the company notified customers that it had disabled access to ShareFile accounts using the Storage Zone Controllers and that it is investigating a ‘credible external security threat’. “We are aware of a credible external security threat targeting Progress ShareFile Storage Zone Controllers,” a message on the company’s forums reads. Progress also told customers that, as an additional protection measure, they should manually shut down their Storage Zone Controllers. “Please manually shut down the server hosting your Storage Zone Controllers as soon as possible while Progress continues its assessment with cybersecurity experts,” the company’s message reads.Advertisement. Scroll to continue reading. In a private communication sent to customers, Progress said the access restrictions were temporary, but did not provide details on when the issue would be resolved. “At this time, we do not indicate unauthorized access to any Progress ShareFile accounts or customer data,” the company said. Progress has not shared details about the security threat, but users speculate that threat actors might be targeting two vulnerabilities addressed in March. The flaws, tracked as CVE-2026-2699 (CVSS score of 9.8) and CVE-2026-2701 (CVSS score of 9.1), could be chained together to make configuration changes and upload malicious files to achieve remote code execution (RCE) without authentication. SecurityWeek has emailed Progress for a statement on the matter and will update this article if the company responds. Related: Unpatched Backdoor in Tenda Firmware Grants Admin Access to Devices Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws Related: Critical Gitea Flaw Under Active Exploitation, Researchers Warn Related: Critical Adobe ColdFusion Vulnerability Exploited in Attacks Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire Network of 200 GitHub Repositories Used for Malware Infection12 Million Impacted by Data Breach at Japanese Telco KDDI15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From GoogleMount Royal University Confirms Data Stolen in Ransomware AttackChrome 150 Update Patches 27 Vulnerabilities8Layers Raises $2.9 Million for Identity Security PlatformUnpatched Backdoor in Tenda Firmware Grants Admin Access to DevicesAccenture Confirms Data Breach After Hacker Claims Source Code Theft Latest News Organizations Warned of Exploited Joomla Extension VulnerabilitiesCenters Laboratory Data Breach Affects 540,000 IndividualsGhost Accounts Abuse GitHub API in Mass Recon CampaignIn Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware OpsThird US Security Expert Sentenced to Prison for Helping Ransomware GangChina, India-Linked Hackers Both Targeted Same Pakistani Police ForceOkta Warns of Vishing Attacks Targeting Microsoft 365 CustomersGigaWiper Combines Multiple Malware for System-Level Sabotage Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveBlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.Solana Foundation has appointed Michael Coates as Chief Information Security Officer.Michael Sikorski has joined Coinbase as Chief Information Security Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fprogress-prompts-sharefile-storage-zone-controller-shutdown-amid-security-concerns\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F01\u002Fapplication-security-vulnerabilities.jpeg","2026-07-13T08:20:46+00:00","2026-07-13T10:00:17.417397+00:00",8,[18,21,24],{"name":19,"type":20},"Progress Software","vendor",{"name":22,"type":23},"Progress ShareFile","product",{"name":25,"type":23},"ShareFile Storage Zone Controller","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":26,"icon":28,"name":29,"slug":30},null,"Vulnerabilities","vulnerabilities",[32,37,42],{"category":33},{"id":34,"icon":28,"name":35,"slug":36},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":38},{"id":39,"icon":28,"name":40,"slug":41},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",{"category":43},{"id":44,"icon":28,"name":45,"slug":46},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[48,52],{"type":49,"value":50,"context":51},"cve","CVE-2026-2699","Critical vulnerability in Progress ShareFile (CVSS 9.8) allowing RCE through chained exploitation without authentication",{"type":49,"value":53,"context":54},"CVE-2026-2701","Critical vulnerability in Progress ShareFile (CVSS 9.1) allowing RCE through chained exploitation without authentication"]