Progress Software Warns of “External Security Threat” to ShareFile

The private data storage solution of file-sharing giant Progress Software has likely been compromised.

The company informed some of its customers on July 10 that it was aware of “a credible external security threat targeting Progress ShareFile Storage Zone Controllers.”

ShareFile is Progress’ flagship enterprise file-sharing service and Storage Zone Controller provides ShareFile customers with private data storage.

The company-issued email was posted by a ShareFile user on Progress Software’s official ShareFile Community forum, hosted on the company’s support website, in response to another user who had reported service disruptions.

Progress said there is no evidence of unauthorized access to ShareFile accounts or data but it confirmed having temporarily disabled access to these accounts.

Users are also urged to manually shut down the server hosting their Storage Zone Controller.

Progress said it has launched internal and external security investigations to assess the potential threat.

No information has been provided about the evidence that led to the threat detection or details on when the disruption would be resolved.

“You can expect to hear from us in the next 24 hours,” the company wrote on July 10.

Several ShareFile users on Reddit reported on July 13 that the company had not provided any updates for the previous three days. This appears consistent with the ShareFile status portal, which shows its most recent update was published on July 10.

Some forum participants also speculated that the incident might be linked to the exploitation of recently disclosed vulnerabilities or possibly a new zero-day flaw. However, Progress Software has not confirmed these claims.

Speaking to Infosecurity on July 13, a spokesperson for Progress Software said, “As of 5 p.m. ET on July 12, we notified all ShareFile customers with Storage Zone Controllers that their access to the Progress ShareFile cloud service has been restored. However, Storage Zone Controllers must remain turned off while we complete our investigation.”

“At this time, we have no evidence of unauthorized access to any ShareFile customer account or data, and we have not identified any active threat,” the company added.

Progress has a history of security incidents, including the 2023 breach of its MOVEit Transfer product which was exploited in widespread ransomware attacks. A critical vulnerability in MOVEit Automation was was reported in April 2026 that led to further disruptions.

This article was updated on July 13 to add comments from Progress Software.

Image credit: Piotr Swat / Shutterstock.com

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *