Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT’s License Servlet that can be exploited in command injection attacks. […]
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands.
The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity.
“A deserialization vulnerability in the License Servlet of Fortra’s GoAnywhere MFT allows an actor with a validly forged
The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity.
“A deserialization vulnerability in the License Servlet of Fortra’s GoAnywhere MFT allows an actor with a validly forged
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries.
“Phishing-as-a-Service (PhaaS) deployments have risen significantly recently,” Netcraft said in a new report. “The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases,
“Phishing-as-a-Service (PhaaS) deployments have risen significantly recently,” Netcraft said in a new report. “The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases,
Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses
Ransomware remains one of the most destructive threats—because defenses keep failing. Picus Blue Report 2025 shows prevention dropped to 62%, while data exfiltration prevention collapsed to just 3%. […]
Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions
Turla malware was deployed in February on select systems that Gamaredon had compromised in January.
The post Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions appeared first on SecurityWeek.
Steam will stop running on Windows 32-bit in January 2026
Valve has announced that its Steam digital distribution service will drop support for 32-bit versions of Windows starting January 2026. […]
CISA Analyzes Malware From Ivanti EPMM Intrusions
Hackers chained two Ivanti EPMM vulnerabilities to collect system information, dump credentials, and execute malware.
The post CISA Analyzes Malware From Ivanti EPMM Intrusions appeared first on SecurityWeek.
ChatGPT Tricked Into Solving CAPTCHAs
The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior.
The post ChatGPT Tricked Into Solving CAPTCHAs appeared first on SecurityWeek.
How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition.
The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard
The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard
Netskope Raises Over $908 Million in IPO
Netskope has debuted on Nasdaq and its shares soared more than 18%, bringing the company’s value to $8.6 billion.
The post Netskope Raises Over $908 Million in IPO appeared first on SecurityWeek.