Fortra

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks

exploited, Fortra, GoAnywhere, Ransomware, Vulnerabilities, vulnerability, Zero-Day /

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks 2025-10-07 at 12:40 By Ionut Arghire The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to […]

React to this headline:

Loading spinner

Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks Read More »

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

0-day, Don't miss, enterprise, Fortra, Hot stuff, News, Rapid7, WatchTowr /

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) 2025-09-26 at 17:50 By Zeljka Zorz CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra

React to this headline:

Loading spinner

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) Read More »

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

exploited, Fortra, GoAnywhere, MFT, Vulnerabilities /

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day 2025-09-26 at 14:50 By Ionut Arghire Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account. The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day Read More »

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)

Don't miss, enterprise, Fortra, News, security update, SMBs, VulnCheck, vulnerability /

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) 2025-09-22 at 14:20 By Zeljka Zorz If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting your instance compromised via CVE-2025-10035. About CVE-2025-10035 CVE-2025-10035 is a critical deserialization

React to this headline:

Loading spinner

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) Read More »

Fortra Patches Critical GoAnywhere MFT Vulnerability

Fortra, MFT, Vulnerabilities, vulnerability /

Fortra Patches Critical GoAnywhere MFT Vulnerability 2025-09-22 at 10:54 By Ionut Arghire Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. The post Fortra Patches Critical GoAnywhere MFT Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Fortra Patches Critical GoAnywhere MFT Vulnerability Read More »

The state of DMARC adoption: What 10M domains reveal

cybersecurity, DMARC, Don't miss, email security, Fortra, News, Video /

The state of DMARC adoption: What 10M domains reveal 2025-09-11 at 07:43 By Help Net Security In this Help Net Security video, John Wilson, Senior Fellow, Threat Research at Fortra, explores the state of DMARC adoption across the top 10 million internet domains. He explains how SPF, DKIM, and DMARC work together to prevent email

React to this headline:

Loading spinner

The state of DMARC adoption: What 10M domains reveal Read More »

How cybercriminals exploit psychological triggers in social engineering attacks

Avast, cybercrime, cybersecurity, Don't miss, Fortra, News, Proofpoint, Reality Defender, Secure Yeti, social engineering, tips, Zscaler /

How cybercriminals exploit psychological triggers in social engineering attacks 2025-05-06 at 08:03 By Sinisa Markovic Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly what makes them so effective. These threats rely on psychological

React to this headline:

Loading spinner

How cybercriminals exploit psychological triggers in social engineering attacks Read More »

When confusion becomes a weapon: How cybercriminals exploit economic turmoil

cyber resilience, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, Fortra, Hot stuff, News, opinion, social engineering /

When confusion becomes a weapon: How cybercriminals exploit economic turmoil 2025-04-23 at 09:02 By Help Net Security It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across boardrooms and break rooms, anxiety ripples at every level. People begin refreshing inboxes and apps

React to this headline:

Loading spinner

When confusion becomes a weapon: How cybercriminals exploit economic turmoil Read More »

Inside PlugValley: How this AI vishing-as-a-service group operates

cybercrime, cybercriminals, Don't miss, Fortra, News, Video, vishing /

Inside PlugValley: How this AI vishing-as-a-service group operates 2025-04-17 at 07:41 By Help Net Security In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered vishing-as-a-service. Rather than requiring technical skills or large budgets, PlugValley’s service lets any cybercriminal launch vishing

React to this headline:

Loading spinner

Inside PlugValley: How this AI vishing-as-a-service group operates Read More »

Only 1% of malicious emails that reach inboxes deliver malware

cybersecurity, Email, email security, Fortra, News, phishing, report, survey /

Only 1% of malicious emails that reach inboxes deliver malware 2025-04-02 at 07:04 By Help Net Security 99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, according to Fortra. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while common

React to this headline:

Loading spinner

Only 1% of malicious emails that reach inboxes deliver malware Read More »

AI threats and workforce shortages put pressure on security leaders

Artificial Intelligence, cybersecurity, Don't miss, Fortra, Hot stuff, professional, threats, Video /

AI threats and workforce shortages put pressure on security leaders 2025-03-07 at 07:30 By Help Net Security In this Help Net Security video, John Grancarich, Fortra’s Chief Strategy Officer, discusses the 2025 Fortra State of Cybersecurity Survey and highlights escalating concerns among security professionals about AI-driven threats and a shortage of cybersecurity skills. The survey

React to this headline:

Loading spinner

AI threats and workforce shortages put pressure on security leaders Read More »

The compliance illusion: Why your company might be at risk despite passing audits

auditing, CISO, Compliance, CXO, cybersecurity, Don't miss, Fortra, Hot stuff, how-to, ISO 27001, News, NIST, PCI DSS, regulation, strategy, tips /

The compliance illusion: Why your company might be at risk despite passing audits 2025-02-26 at 08:20 By Mirko Zorz For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity.

React to this headline:

Loading spinner

The compliance illusion: Why your company might be at risk despite passing audits Read More »

Scam Yourself attacks: How social engineering is evolving

cybersecurity, Don't miss, Expert analysis, Expert corner, Fortra, Hot stuff, News, opinion, scams, social engineering, threats /

Scam Yourself attacks: How social engineering is evolving 2025-01-21 at 07:30 By Help Net Security We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the-mill

React to this headline:

Loading spinner

Scam Yourself attacks: How social engineering is evolving Read More »

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices

darkweb, Fortra, SonicWall, Threat Intelligence, Traccar, vulnerability /

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices 2024-08-30 at 16:31 By dakshsharma16 Key Takeaways Overview Cyble’s weekly vulnerability report for August 21-27 found the highest number of exposed vulnerable assets in nearly three months, since a widespread PHP vulnerability was found in early June. Cyble researchers found more

React to this headline:

Loading spinner

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices Read More »

Fortra Patches Critical Vulnerability in FileCatalyst Workflow

Fortra, Vulnerabilities, vulnerability /

Fortra Patches Critical Vulnerability in FileCatalyst Workflow 2024-08-30 at 14:31 By Ionut Arghire Fortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials. The post Fortra Patches Critical Vulnerability in FileCatalyst Workflow appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Fortra Patches Critical Vulnerability in FileCatalyst Workflow Read More »

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

credentials, Don't miss, Dynatrace, enterprise, file-sharing, Fortra, Hot stuff, News, SQL injection, Tenable, vulnerability /

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) 2024-08-28 at 12:02 By Zeljka Zorz Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For

React to this headline:

Loading spinner

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) Read More »

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

Fortra, Vulnerabilities, vulnerability /

Fortra Patches Critical SQL Injection in FileCatalyst Workflow 2024-06-28 at 14:16 By Ionut Arghire Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts. The post Fortra Patches Critical SQL Injection in FileCatalyst Workflow appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Fortra Patches Critical SQL Injection in FileCatalyst Workflow Read More »

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

CVE, Don't miss, exploit, file-sharing, Fortra, Hot stuff, MFT, News, PoC, SQL injection, Tenable, vulnerability /

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) 2024-06-27 at 12:31 By Zeljka Zorz A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) Read More »

Cybercriminal adoption of browser fingerprinting

bot, browser, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, Fortra, Hot stuff, News, opinion, phishing, PhishLabs /

Cybercriminal adoption of browser fingerprinting 2024-04-05 at 08:01 By Help Net Security Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now

React to this headline:

Loading spinner

Cybercriminal adoption of browser fingerprinting Read More »

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Don't miss, exploit, Fortra, Hot stuff, News, PoC, security update, vulnerability /

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

Scroll to Top