Back to Feed
VulnerabilitiesJul 10, 2026

Progress urges ShareFile admins to shut down servers over “credible” threat

Progress Software urges ShareFile admins to shut down servers due to a credible external security threat.

Summary

Progress Software has alerted ShareFile customers using on-premises Storage Zone Controllers to immediately shut down their servers due to a credible external security threat. While no unauthorized access to accounts or data is currently indicated, Progress has temporarily disabled access and requires manual server shutdowns as a precautionary measure while investigating.

Full text

Progress urges ShareFile admins to shut down servers over “credible” threat By Lawrence Abrams July 10, 2026 12:26 PM 0 Progress Software is emailing ShareFile customers who use Storage Zone Controllers to immediately shut down their servers after identifying what it describes as a "credible external security threat" targeting the on-premises secure file-sharing software. ShareFile is Progress Software's enterprise secure file sharing and collaboration platform that allows customers to host their files in Progress' cloud infrastructure. However, organizations can opt to deploy Storage Zone Controllers to on-premise Windows servers to allow files to remain hosted locally within an organization's own storage while continuing to use ShareFile's cloud platform for authentication, user management, sharing, and collaboration. In these hybrid deployments, the ShareFile cloud authenticates users and determines which Storage Zone contains their files. When a user uploads or downloads a file, ShareFile directs the request to the organization's Storage Zone Controller, which retrieves or stores the file on the company's own storage before transferring it to the user. Because Storage Zone Controllers handle file transfers between the cloud platform and and customer-managed storage, they are typically Internet-accessible servers. The warning, sent to customers in an email last night and seen by BleepingComputer, is titled "Service Disruption. Immediate Action Required." "We have reason to believe there is a credible external security threat targeting Progress Software's ShareFile Storage Zone Controllers," reads the email. "Currently, we have no indication of unauthorized access to any Progress ShareFile accounts or data. As a precaution, we have temporarily disabled access to ShareFile accounts using the Storage Zone Controllers, including yours." Progress is also instructing customers to manually shut down the Windows servers hosting Storage Zone Controllers, indicating that disabling access through the ShareFile cloud platform is not enough to mitigate the threat. "You must manually shut down the server hosting your Storage Zone Controllers. This is a critical additional step to ensure the safety of your data," the company told customers. Progress says it implemented temporary restrictions out of an "abundance of caution" while working with internal and external cybersecurity experts to investigate the threat, and it plans to provide customers with another update within 24 hours. The ShareFile status page now shows a warning stating, "ShareFile customers with Storage Zone Controllers are not operational at this time." Progress has not disclosed whether the threat involves a zero-day vulnerability or whether any Storage Zone Controllers have been compromised. The warning is similar to previous attacks targeting enterprise file transfer and file sharing software. In 2023, the Clop extortion gang exploited a zero-day vulnerability in Progress MOVEit Transfer to steal data from thousands of organizations before launching a widespread extortion campaign against victims. Since then, attackers have continued targeting Internet-facing managed file transfer and enterprise file-sharing platforms due to the sensitive data they often expose. A Progress spokesperson shared the same details provided to customers via email when asked by BleepingComputer for more information on the cyber threat. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper

Entities

ShareFile (product)Progress Software (vendor)Storage Zone Controllers (product)MOVEit Transfer attacks (campaign)Clop extortion gang (threat_actor)