Progress told customers to power down servers running on-premises ShareFile Storage Zone Controllers after identifying what it called a credible external security threat; it disabled account access through affected controllers and promised another update within 24 hours. [1]
The boundary follows the paper's treatment of an alleged MSG database leak and class action, which separated reported exposure from demonstrated access and adjudicated facts; here, an extraordinary defensive order is established; a breach is not.
Progress said it had no current indication of unauthorized account or data access; that statement does not prove the threat harmless, but it prevents the shutdown from becoming evidence of exploitation, an attacker, a zero-day or stolen files; no verified X post established any of those outcomes.
Customers operating the affected controllers have a direct instruction: isolate by powering down while awaiting the promised update; the fetched record does not yet provide affected versions, cause or remediation beyond shutdown; cyber X can race from service interruption to theft; the useful receipt is the action Progress actually ordered and the compromise it has not confirmed.
-- DAVID CHEN, Beijing