Hosted on MSN

‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug

Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack ...
Ars Technica

Health info for 1 million patients stolen using critical GoAnywhere vulnerability

One of the biggest hospital chains in the US said hackers obtained protected health information for 1 million patients after exploiting a vulnerability in an enterprise software product called ...
Bleeping Computer

Maximum severity GoAnywhere MFT flaw exploited as zero day

Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. The vendor disclosed the ...
Bleeping Computer

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. Tracked as CVE-2025-10035, this ...
Dark Reading

Fortra Discloses Critical Auth Bypass Vuln in GoAnywhere MFT

A proof-of-concept exploit is now available for a near maximum-severity flaw in Fortra's GoAnywhere Managed File Transfer (MFT) software that the company publicly disclosed on Jan. 23 after quietly ...
CSOonline

Fortra patches critical GoAnywhere MFT flaw akin to past ransomware exploits

Researchers warn organizations to immediately upgrade deployments of GoAnywhere MFT due to vulnerabilities that have been exploited in the past by ransomware gangs. Users of Fortra’s GoAnywhere MFT ...
Supply Chain Management Review

Exploited trust: What GoAnywhere reveals about supply chain weak links

When Microsoft confirmed that the threat actor Storm-1175 has been actively exploiting CVE-2025-10035 in GoAnywhere MFT systems, the disclosure revealed far more than another ransomware incident. It ...