Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
A recently patched vulnerability in Fortra GoAnywhere MFT (Managed File Transfer) was exploited as a zero-day by a Chinese ransomware group, Microsoft reports. The flaw,…
Latest Cybersecurity News — Page 1348
View all →
GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware
A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware.…
Hackers Exploit Legitimate Commands to Breach Databases
In recent years, adversaries have abandoned traditional malware in favor of “living-off-the-land” operations against cloud and SaaS environments. Rather than deploying custom ransomware binaries, many…
CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Oct 07, 2025Ravie LakshmananVulnerability / Cloud Security Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in…
Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
A critical-severity vulnerability that lingered in Redis for 13 years potentially exposes 60,000 servers to exploitation, cybersecurity firm Wiz warns. Redis is an open source…
OpenSSH ProxyCommand Flaw Allows Remote Code Execution
Security researchers have uncovered a critical flaw in OpenSSH’s ProxyCommand feature that can be leveraged to achieve remote code execution on client systems. Tracked as…
Discord warns users after data stolen in third-party breach
Popular social platform Discord has suffered a data breach—though technically, it wasn’t Discord itself that was hacked. A third-party customer support provider was compromised, allowing…
The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn
Time Manipulation Allows Hackers to Trigger Y2K38 Bug Today Widely known time-related software bugs that could cause significant disruptions when triggered in more than a…
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this…
Scattered Spider Targets Microsoft, Apple In Access Scheme
Scattered Spider has shifted its operational strategy, moving away from chaotic data leaks toward a more structured and professional model of cybercrime. Now functioning as…
CISA Warns of Windows Privilege Escalation Vulnerability Exploited in Attacks
CISA has issued an urgent security advisory, adding Microsoft Windows privilege escalation vulnerability CVE-2021-43226 to its Known Exploited Vulnerabilities (KEV) catalog on October 6, 2025. …
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
A critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory…