Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability - https://www.redpacketsecurity.com/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-filetransfer-vulnerability/

#threatintel
#CVE-2025-10035
#GoAnywhere MFT
#Deserialization vulnerability
#Storm-1175
#Medusa ransomware

🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #41/2025 is out!

→ It includes the following and much more:

😱 13-Year #Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely;

🩹 #Google #DeepMind’s New #AI Agent Finds and Fixes Vulnerabilities;

💬 5.5 Million People Impacted in #Discord Breach;

🇯🇵 🍺 Qilin #ransomware says it attacked Japan’s Asahi;

🇺🇸 Microsoft says the Storm-1175 cybercrime group exploited a zero-day in #GoAnywhere MFT;

🔓 The Cl0p ransomware group stole data from Oracle E-Business Suite customers;

🔥 🧱 #SonicWall admits attacker accessed all customer firewall configurations stored on #cloud portal;

--

👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-41-2025

🕵🏻‍♂️ [InfoSec MASHUP] 41/2025

13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely; Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities; 5.5 Million People Impacted in Discord Breach; Qilin ransomware says it attacked Japan’s Asahi; Microsoft says the Storm-1175 cybercrime group exploited a zero-day in GoAnywhere MFT; The Cl0p ransomware group stole data from Oracle E-Business Suite customers; SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal;

X’s InfoSec Newsletter
🔥 CRITICAL: CVE-2025-10035 in GoAnywhere MFT (7.6.x–7.8.x) enables unauthenticated remote command injection—actively exploited for ransomware (Medusa). Restrict admin console access, patch now, and monitor for IOCs. Details: https://radar.offseq.com/threat/from-detection-to-patch-fortra-reveals-full-timeli-d569181c #OffSeq #vuln #GoAnywhere #BlueTeam
Medusa ransomware is exploiting CRITICAL vuln (CVE-2025-10035) in Fortra GoAnywhere MFT. Private key compromise enables data breaches & ransomware. Audit key management, monitor access, & apply vendor updates. https://radar.offseq.com/threat/medusa-ransomware-actors-exploit-critical-fortra-g-c90501d0 #OffSeq #GoAnywhere #Ransomware #Infosec
GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing easy remote code execution via License Servlet bug.

Security Affairs

🔒 Microsoft confirms Medusa ransomware is actively exploiting a CVSS 10.0 deserialization flaw in Fortra’s #GoAnywhere MFT. If your GoAnywhere instance is internet-exposed, patch immediately.

Read: https://hackread.com/medusa-ransomware-goanywhere-mft-flaw-microsoft/

#CyberSecurity #Ransomware #Medusa #ZeroDay

Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
⚠️ Microsoft warns of critical GoAnywhere flaw under attack

A zero-day in Fortra’s GoAnywhere MFT (CVE-2024-0204) is being actively exploited to steal data and deploy ransomware. Microsoft links the activity to Lace Tempest, known for CL0P ransomware.

👉🏻 patch immediately. #ransomNews #GoAnywhere

⚠️ A serious flaw in #GoAnywhere puts millions of Windows PCs at risk of being compromised - protect your information! #CyberSecurity

🔗 https://www.tomshw.it/business/microsoft-accusa-medusa-per-exploit-goanywhere-2025-10-07

A serious flaw in GoAnywhere compromises millions of Windows PCs

Once inside the system, the hackers can do whatever they want, from installing backdoors to spreading ransomware.

Tom's Hardware
🚨 CRITICAL GoAnywhere MFT bug is being exploited for ransomware. Remote code execution with no user interaction puts European orgs at high risk. Patch ASAP, restrict access, and monitor logs. No CVE yet. Details: https://radar.offseq.com/threat/microsoft-critical-goanywhere-bug-exploited-in-ran-c18f5ff1 #OffSeq #Ransomware #GoAnywhere #CyberAlert