Fortra

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) 2025-09-26 at 17:50 By Zeljka Zorz CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra […]

React to this headline:

Loading spinner

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) Read More »

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day 2025-09-26 at 14:50 By Ionut Arghire Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account. The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day Read More »

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) 2025-09-22 at 14:20 By Zeljka Zorz If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting your instance compromised via CVE-2025-10035. About CVE-2025-10035 CVE-2025-10035 is a critical deserialization

React to this headline:

Loading spinner

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035) Read More »

Fortra Patches Critical GoAnywhere MFT Vulnerability

Fortra Patches Critical GoAnywhere MFT Vulnerability 2025-09-22 at 10:54 By Ionut Arghire Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. The post Fortra Patches Critical GoAnywhere MFT Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Fortra Patches Critical GoAnywhere MFT Vulnerability Read More »

The state of DMARC adoption: What 10M domains reveal

The state of DMARC adoption: What 10M domains reveal 2025-09-11 at 07:43 By Help Net Security In this Help Net Security video, John Wilson, Senior Fellow, Threat Research at Fortra, explores the state of DMARC adoption across the top 10 million internet domains. He explains how SPF, DKIM, and DMARC work together to prevent email

React to this headline:

Loading spinner

The state of DMARC adoption: What 10M domains reveal Read More »

How cybercriminals exploit psychological triggers in social engineering attacks

How cybercriminals exploit psychological triggers in social engineering attacks 2025-05-06 at 08:03 By Sinisa Markovic Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly what makes them so effective. These threats rely on psychological

React to this headline:

Loading spinner

How cybercriminals exploit psychological triggers in social engineering attacks Read More »

When confusion becomes a weapon: How cybercriminals exploit economic turmoil

When confusion becomes a weapon: How cybercriminals exploit economic turmoil 2025-04-23 at 09:02 By Help Net Security It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across boardrooms and break rooms, anxiety ripples at every level. People begin refreshing inboxes and apps

React to this headline:

Loading spinner

When confusion becomes a weapon: How cybercriminals exploit economic turmoil Read More »

Inside PlugValley: How this AI vishing-as-a-service group operates

Inside PlugValley: How this AI vishing-as-a-service group operates 2025-04-17 at 07:41 By Help Net Security In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered vishing-as-a-service. Rather than requiring technical skills or large budgets, PlugValley’s service lets any cybercriminal launch vishing

React to this headline:

Loading spinner

Inside PlugValley: How this AI vishing-as-a-service group operates Read More »

Only 1% of malicious emails that reach inboxes deliver malware

Only 1% of malicious emails that reach inboxes deliver malware 2025-04-02 at 07:04 By Help Net Security 99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, according to Fortra. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while common

React to this headline:

Loading spinner

Only 1% of malicious emails that reach inboxes deliver malware Read More »

AI threats and workforce shortages put pressure on security leaders

AI threats and workforce shortages put pressure on security leaders 2025-03-07 at 07:30 By Help Net Security In this Help Net Security video, John Grancarich, Fortra’s Chief Strategy Officer, discusses the 2025 Fortra State of Cybersecurity Survey and highlights escalating concerns among security professionals about AI-driven threats and a shortage of cybersecurity skills. The survey

React to this headline:

Loading spinner

AI threats and workforce shortages put pressure on security leaders Read More »

The compliance illusion: Why your company might be at risk despite passing audits

The compliance illusion: Why your company might be at risk despite passing audits 2025-02-26 at 08:20 By Mirko Zorz For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity.

React to this headline:

Loading spinner

The compliance illusion: Why your company might be at risk despite passing audits Read More »

Scam Yourself attacks: How social engineering is evolving

Scam Yourself attacks: How social engineering is evolving 2025-01-21 at 07:30 By Help Net Security We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the-mill

React to this headline:

Loading spinner

Scam Yourself attacks: How social engineering is evolving Read More »

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices 2024-08-30 at 16:31 By dakshsharma16 Key Takeaways Overview Cyble’s weekly vulnerability report for August 21-27 found the highest number of exposed vulnerable assets in nearly three months, since a widespread PHP vulnerability was found in early June. Cyble researchers found more

React to this headline:

Loading spinner

Weekly IT Vulnerability Report: Cyble Researchers Find Nearly 1 Million Exposed Fortinet, SonicWall Devices Read More »

Fortra Patches Critical Vulnerability in FileCatalyst Workflow

Fortra Patches Critical Vulnerability in FileCatalyst Workflow 2024-08-30 at 14:31 By Ionut Arghire Fortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials. The post Fortra Patches Critical Vulnerability in FileCatalyst Workflow appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Fortra Patches Critical Vulnerability in FileCatalyst Workflow Read More »

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) 2024-08-28 at 12:02 By Zeljka Zorz Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB, the attacker can perform malicious operations in the database. For

React to this headline:

Loading spinner

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633) Read More »

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

Fortra Patches Critical SQL Injection in FileCatalyst Workflow 2024-06-28 at 14:16 By Ionut Arghire Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts. The post Fortra Patches Critical SQL Injection in FileCatalyst Workflow appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Fortra Patches Critical SQL Injection in FileCatalyst Workflow Read More »

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) 2024-06-27 at 12:31 By Zeljka Zorz A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) Read More »

Cybercriminal adoption of browser fingerprinting

Cybercriminal adoption of browser fingerprinting 2024-04-05 at 08:01 By Help Net Security Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now

React to this headline:

Loading spinner

Cybercriminal adoption of browser fingerprinting Read More »

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

PoC Published for Critical Fortra Code Execution Vulnerability

PoC Published for Critical Fortra Code Execution Vulnerability 2024-03-18 at 13:46 By Ionut Arghire A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution. The post PoC Published for Critical Fortra Code Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

PoC Published for Critical Fortra Code Execution Vulnerability Read More »

Scroll to Top