GoAnywhere MFT
-
Microsoft links Medusa ransomware affiliate to rapid zero-day attacks
Microsoft said Storm-1175 has used n-day and zero-day flaws in rapid Medusa ransomware attacks, sometimes within 24 hours of initial access, and has hit healthcare, education, finance and other sectors.
-
Microsoft links Storm-1175 to zero-day exploitation of GoAnywhere MFT
Microsoft said the criminal group Storm-1175 exploited a zero-day in Fortra’s GoAnywhere MFT to gain remote code execution, deploy monitoring tools, steal data with Rclone and install Medusa ransomware, with activity observed as early as Sept. 11; CISA and other researchers have also reported active exploitation.
-
Critical CVSS-10 Flaw in Fortra GoAnywhere MFT Prompts Urgent Patch and Contingency Measures
A CVSS-10 vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) threatens enterprise data transfers. The deserialization flaw in the License Servlet could enable remote code execution if exploited. Patches are available, and experts warn that thousands of internet-facing deployments may be at immediate risk unless mitigations are applied.
-
Fortra patches critical GoAnywhere MFT flaw; admins urged to restrict internet exposure of Admin Console
Fortra has issued patches for a critical GoAnywhere MFT vulnerability (CVE-2025-10035) that could enable remote command injection via deserialization. The company urges administrators to secure Admin Console access and apply the latest updates, as Shadowserver tracks hundreds of GoAnywhere instances and exposure continues to be a concern.
