Progress orders emergency ShareFile server shutdown over mystery security threat

toomuchtodo1 pts1 comments

Progress orders emergency ShareFile server shutdown over mystery security threat

Jump to main content

Search

REG AD

Security

Progress orders emergency ShareFile server shutdown over mystery security threat

Vendor insists there's no evidence of unauthorized access, but it's asking customers to take one of the most drastic precautions available

Carly Page

Carly<br>Page

Published<br>mon 13 Jul 2026 // 11:31 UTC

Progress Software has ordered some ShareFile customers to pull the plug on their own servers after detecting what it describes as a "credible external security threat" targeting the on-premises component of its enterprise file-sharing platform.<br>The emergency warning, sent by email and seen by The Register, instructed organizations running ShareFile Storage Zone Controllers to take the unusual step of manually shutting down the Windows servers that host the software, with no patch or configuration workaround yet announced.<br>"We have reason to believe there is a credible external security threat targeting Progress Software's ShareFile Storage Zone Controllers," the company wrote, adding that it had already disabled access to ShareFile accounts using Storage Zone Controllers, but warned this alone was not enough.

REG AD

"IMMEDIATE ACTION REQUIRED: You must manually shut down the server hosting your Storage Zone Controllers," the email continued. “This is a critical additional step to ensure the safety of your data."

REG AD

The company said the restrictions were being imposed "out of an abundance of caution" as it works with internal and external security experts to investigate the threat. Customers reported that Progress was also calling affected organizations directly to reinforce the message.<br>A follow-up notice over the weekend offered little additional detail. Progress said it had "no indication of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat," but instructed customers to keep Storage Zone Controllers offline even as cloud services were gradually restored.<br>Exactly what prompted such a dramatic response remains unclear. Progress has not disclosed the nature of the threat, whether any customers have been compromised, which software versions are affected, or when administrators can safely power systems back on.<br>A spokesperson at Progress Software did not answer our questions, instead they sent a statement to The Register:<br>"Protecting our customers' data and maintaining the security of our services remain our highest priorities. As of 5 p.m. ET on Sunday, July 12, we notified all ShareFile customers with Storage Zone Controllers that their access to the Progress ShareFile cloud service has been restored. However, Storage Zone Controllers must remain turned off while we complete our investigation. At this time, we have no evidence of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat. We will continue to provide customers with updates as additional information becomes available. "<br>The information vacuum has fueled speculation. One Progress customer on Reddit speculated that if the vendor is telling customers to completely shut down servers, "it's almost certainly an unauthenticated RCE being exploited in the wild."

MORE CONTEXT

Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released

Barts Health seeks High Court block after Clop pillages NHS trust data

Extra, extra, read all about it: Washington Post clobbered in Clop caper

Red Hat fesses up to GitLab breach after attackers brag of data theft

Storage Zone Controllers are the on-premises component of ShareFile that allows organizations to keep files on their own infrastructure while continuing to use Progress's cloud platform for authentication and management. Because they typically sit on internet-facing Windows servers, they present an attractive target if a serious, remotely exploitable flaw emerges.<br>The incident also arrives just months after Progress patched two critical vulnerabilities in ShareFile Storage Zone Controller v5 that could be chained into unauthenticated remote code execution, although the company has not linked the current incident to those bugs.

REG AD

Progress is no stranger to security crises. The vendor spent much of 2023 and 2024 dealing with the fallout from mass exploitation of its MOVEit Transfer software by the Clop ransomware gang, a campaign that snowballed into one of the largest supply chain breaches on record.<br>Whatever Progress has found this time around, it has decided that customers are better off with their servers powered down than running. ®

progress software<br>storage<br>security

REG AD

On-prem

IBM's mainframe sales get mugged by AI hardware panic

CEO Krishna: Customers blew their Z budgets on servers and storage before prices spike, Q2 financials 'disappointing'

SCIENCE

Sun sets on Vulcan Centaur as NASA moves SunRISE to SpaceX...

progress sharefile customers storage security threat

Related Articles