The Reichsadler Cybercrime Group attempted to deploy ransomware on unpatched WS_FTP servers using a stolen LockBit 3.0 builder. The attackers used the GodPotato tool to escalate privileges on the servers.
Progress Software released fixes for eight vulnerabilities in WS_FTP, including one with a maximum severity score, but evidence of exploitation was discovered shortly after.