"We have reason to believe there is a credible external security threat targeting Progress Software's ShareFile Storage Zone Controllers," reads an urgent email Progress sent to customers and that was seen by BleepingComputer.
Progress Software's urgent directive to ShareFile Storage Zone customers
Progress Software emailed ShareFile customers who use Storage Zone Controllers instructing them to immediately shut down the Windows servers that host those controllers. The message, titled "Service Disruption. Immediate Action Required," said Progress had "temporarily disabled access to ShareFile accounts using the Storage Zone Controllers, including yours," and emphasized that customers must still manually power down the servers because disabling cloud access alone is insufficient to mitigate the risk. BleepingComputer reported the email was sent "last night" and shared the contents with the public.
What Storage Zone Controllers do and why they are reachable
Storage Zone Controllers are on-premises Windows servers that organizations deploy so files remain in local storage while ShareFile's cloud handles authentication, user management, sharing and collaboration. In hybrid deployments, the ShareFile cloud directs file upload and download requests to an organization's Storage Zone Controller, which then retrieves or stores files on the customer-managed storage before transferring them to users. Because they manage file transfers between the cloud platform and customer storage, Storage Zone Controllers are typically Internet-accessible servers — a factor Progress implicitly cites in advising an immediate shutdown.
What Progress has changed and what it is investigating
Progress says it "temporarily disabled access to ShareFile accounts using the Storage Zone Controllers" as a precaution and told customers it is working with internal and external cybersecurity experts to investigate the "credible external security threat." The company instructed customers that manual shutdown of the hosting servers is a "critical additional step to ensure the safety of your data" and promised to provide another update within 24 hours. A Progress spokesperson relayed the same details to BleepingComputer when asked for more information.
What Progress has not disclosed and past parallels
Progress has not said whether the event involves a zero-day vulnerability or whether any Storage Zone Controllers have been compromised. The ShareFile status page now displays a warning: "ShareFile customers with Storage Zone Controllers are not operational at this time." The advisory notes this warning is similar to previous attacks on enterprise file transfer and file sharing software; the story explicitly references a 2023 incident in which the Clop extortion gang exploited a zero-day in Progress MOVEit Transfer to steal data and later run an extortion campaign. Since that event, attackers have continued targeting Internet-facing managed file transfer and enterprise file-sharing platforms because of the sensitive data those platforms often expose, the source observes.
How technologists, affected enterprises, and end users are responding
- Technologists and security teams: They have been asked to manually shut down Windows servers hosting Storage Zone Controllers and to treat cloud-side access restrictions as insufficient on their own; Progress advised the manual shutdown as a "critical additional step."
- Affected enterprises and procurement leaders: Organizations that chose hybrid deployments — keeping files on-premises while relying on ShareFile's cloud for authentication and collaboration — now face immediate operational disruption; the ShareFile status page confirms Storage Zone Controller customers are currently non-operational.
- End users and customers generally: Progress stated it has "no indication of unauthorized access to any Progress ShareFile accounts or data" at the time of the advisory, but it has temporarily disabled access for accounts that rely on Storage Zone Controllers while the investigation proceeds.
Progress has moved quickly to limit cloud-side access and to ask customers to take the rare step of powering down their own infrastructure. The company has framed the action as precautionary, pledged a further update within 24 hours, and declined at this stage to confirm whether the incident involves a flaw being actively exploited or any confirmed breaches. For the nearly identical operational pattern that followed the 2023 MOVEit incident referenced in the advisory, the practical consequence here is immediate downtime for customers that rely on Storage Zone Controllers and a short, confidential window while investigators — internal and external — determine whether the "credible" threat is materializing into compromise.
Read the original BleepingComputer report: https://www.bleepingcomputer.com/news/security/progress-urges-sharefile-customers-to-shut-down-servers-over-credible-threat/




