Storm-1175 group exploits CVE-2025-10035, a critical GoAnywhere MFT vulnerability enabling command injection & RCE, followed by deployment of Medusa ransomware. Stay ahead of the threat with curated detection content from SOC Prime Platform.
socprime.com/blog/detect-...
socprime.com/blog/detect-...
CVE-2025-10035 Detection: Storm-1175 Exploits a Critical Fortra GoAnywhere MFT Vulnerability to Deploy Medusa Ransomware | SOC Prime
Detect CVE-2025-10035 exploitation attempts, a critical GoAnywhere vulnerability used by the Storm-1175 group, with Sigma rules from SOC Prime Platform.
socprime.com
October 10, 2025 at 12:55 PM
Storm-1175 group exploits CVE-2025-10035, a critical GoAnywhere MFT vulnerability enabling command injection & RCE, followed by deployment of Medusa ransomware. Stay ahead of the threat with curated detection content from SOC Prime Platform.
socprime.com/blog/detect-...
socprime.com/blog/detect-...
Medusa is a RaaS offering with affiliates like Storm-1175 carrying out double extortion. Storm-1175 was recently observed exploiting the CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability to deploy Medusa: msft.it/63323s0Z6Z
October 8, 2025 at 5:11 PM
Medusa is a RaaS offering with affiliates like Storm-1175 carrying out double extortion. Storm-1175 was recently observed exploiting the CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability to deploy Medusa: msft.it/63323s0Z6Z
-Medusa gang behind GoAnywhere attacks
-Abracadabra hacked for the third time
-DraftKings discloses another credential stuffing attack
-India's tax portal has a leak
-Google releases CodeMender
-EU companies sign open letter against Chat Control
-France investigates Apple over Siri recordings
-Abracadabra hacked for the third time
-DraftKings discloses another credential stuffing attack
-India's tax portal has a leak
-Google releases CodeMender
-EU companies sign open letter against Chat Control
-France investigates Apple over Siri recordings
October 8, 2025 at 8:08 AM
-Medusa gang behind GoAnywhere attacks
-Abracadabra hacked for the third time
-DraftKings discloses another credential stuffing attack
-India's tax portal has a leak
-Google releases CodeMender
-EU companies sign open letter against Chat Control
-France investigates Apple over Siri recordings
-Abracadabra hacked for the third time
-DraftKings discloses another credential stuffing attack
-India's tax portal has a leak
-Google releases CodeMender
-EU companies sign open letter against Chat Control
-France investigates Apple over Siri recordings
No, not the old GoAnywhere exploitation, this is a new one!
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
via @jgreig.bsky.social & @therecordmedia.bsky.social
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
via @jgreig.bsky.social & @therecordmedia.bsky.social
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
Cybercriminals are using the Medusa ransomware strain during exploitation of a vulnerability in Fortra's GoAnywhere file transfer tool.
therecord.media
October 7, 2025 at 12:42 PM
No, not the old GoAnywhere exploitation, this is a new one!
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
via @jgreig.bsky.social & @therecordmedia.bsky.social
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
via @jgreig.bsky.social & @therecordmedia.bsky.social
Microsoft、Medusaランサムウェア攻撃でGoAnywhereの重大なバグが悪用と警告
#CybersecurityNews
www.infosecurity-magazine.com/news/microso...
#CybersecurityNews
www.infosecurity-magazine.com/news/microso...
Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Camp
A critical GoAnywhere vulnerability is being exploited by the Medusa ransomware group, Microsoft warns
www.infosecurity-magazine.com
October 7, 2025 at 9:18 AM
Microsoft、Medusaランサムウェア攻撃でGoAnywhereの重大なバグが悪用と警告
#CybersecurityNews
www.infosecurity-magazine.com/news/microso...
#CybersecurityNews
www.infosecurity-magazine.com/news/microso...
Storm-1175, a financially motivated actor known for deploying Medusa ransomware & exploiting public-facing applications, was observed exploiting the CVE-2025-10035 vulnerability in GoAnywhere MFT's License Servlet. Read our analysis & get detection+hunting guidance: msft.it/63325sIfZZ
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Microsoft Security Blog
Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender.
msft.it
October 6, 2025 at 5:12 PM
Storm-1175, a financially motivated actor known for deploying Medusa ransomware & exploiting public-facing applications, was observed exploiting the CVE-2025-10035 vulnerability in GoAnywhere MFT's License Servlet. Read our analysis & get detection+hunting guidance: msft.it/63325sIfZZ
-UK to bail out Jaguar Land Rover
-US prosecutor allegedly hacked Telegram
-Dutch police arrest teens using WiFi sniffers for Russian spies
-GoAnywhere MFT bug was a zero-day
-Hacker leaks data from parole monitoring software
Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS484/
-US prosecutor allegedly hacked Telegram
-Dutch police arrest teens using WiFi sniffers for Russian spies
-GoAnywhere MFT bug was a zero-day
-Hacker leaks data from parole monitoring software
Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS484/
September 29, 2025 at 8:12 AM
-UK to bail out Jaguar Land Rover
-US prosecutor allegedly hacked Telegram
-Dutch police arrest teens using WiFi sniffers for Russian spies
-GoAnywhere MFT bug was a zero-day
-Hacker leaks data from parole monitoring software
Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS484/
-US prosecutor allegedly hacked Telegram
-Dutch police arrest teens using WiFi sniffers for Russian spies
-GoAnywhere MFT bug was a zero-day
-Hacker leaks data from parole monitoring software
Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS484/
Hackers are exploiting a recently patched vulnerability in Fortra GoAnywhere MFT file transfer servers. According to WatchTowr Labs, the attacks started a week after patches were release: labs.watchtowr.com/it-is-bad-ex...
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035.
Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible inte...
labs.watchtowr.com
September 28, 2025 at 2:07 PM
Hackers are exploiting a recently patched vulnerability in Fortra GoAnywhere MFT file transfer servers. According to WatchTowr Labs, the attacks started a week after patches were release: labs.watchtowr.com/it-is-bad-ex...
Okay, there it is. Evidence of ITW exploitation of the new GoAnywhere vuln.
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035.
Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible intel that informed this update.
In Part 1 we laid out an odd and worrying picture:
* A vendor
labs.watchtowr.com
September 25, 2025 at 8:07 PM
Okay, there it is. Evidence of ITW exploitation of the new GoAnywhere vuln.
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks.
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks.
www.bleepingcomputer.com
September 19, 2025 at 2:21 PM
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks.
📣 for immediate 2025 worldwide release ⌛️🗽✈️ #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow
March 12, 2025 at 10:04 AM
📣 for immediate 2025 worldwide release ⌛️🗽✈️ #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow
📣 for immediate June 2025 worldwide release ⚡️⌛️🗽✈️🇺🇸 #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow #АннаRohit #capitalism
June 22, 2025 at 5:37 AM
📣 for immediate June 2025 worldwide release ⚡️⌛️🗽✈️🇺🇸 #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow #АннаRohit #capitalism
You can now share your thoughts on vulnerability CVE-2024-11922 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2024-11922
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2024-11922
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2024-11922
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
April 28, 2025 at 9:18 PM
You can now share your thoughts on vulnerability CVE-2024-11922 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2024-11922
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2024-11922
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
Fortra dicht kritiek beveiligingslek in file transfer software GoAnywhere MFT
Fortra dicht kritiek beveiligingslek in file transfer software GoAnywhere MFT - Security.NL
Fortra dicht kritiek beveiligingslek in file transfer software GoAnywhere MFT
Softwarebedrijf Fortra heeft beveiligingsupdates uitgebracht voor een kritieke kwetsbaarheid in GoAnywhere MFT (managed file transfer), een oplossing waarmee organisaties bestanden kunnen uitwisselen. ...
Read more
Published Date:
Sep 19, 2025 (4 hours, 25 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-10035
www.security.nl
September 19, 2025 at 9:58 PM
Fortra dicht kritiek beveiligingslek in file transfer software GoAnywhere MFT
Microsoft: Cybererpresser nutzen kritische Lücke in Goanywhere
Microsoft: Cybererpresser nutzen kritische Lücke in Goanywhere
Die Hacking-Kampagne läuft seit fast zwei Monaten. Eine Gruppe namens Strom-1175 schleust die Ransomware Medusa ein.
www.golem.de
October 8, 2025 at 8:20 AM
Microsoft: Cybererpresser nutzen kritische Lücke in Goanywhere
Fortra LLC and several of its health-care company clients will pay $20 million to settle consolidated litigation over a 2023 breach of the software provider’s GoAnywhere file-transfer tool, under a deal given final approval in a federal court.
Fortra Gets Final Nod For $20 Million File-Transfer Breach Deal
Fortra LLC and several of its health-care company clients will pay $20 million to settle consolidated litigation over a 2023 breach of the software provider’s GoAnywhere file-transfer tool, under a deal given final approval in a federal court.
bit.ly
September 21, 2025 at 12:00 AM
Fortra LLC and several of its health-care company clients will pay $20 million to settle consolidated litigation over a 2023 breach of the software provider’s GoAnywhere file-transfer tool, under a deal given final approval in a federal court.
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug
Researchers say tens of thousands of instances remain publicly reachable
Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere ma…
#hackernews #news
Researchers say tens of thousands of instances remain publicly reachable
Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere ma…
#hackernews #news
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug
Researchers say tens of thousands of instances remain publicly reachable
Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.…
go.theregister.com
September 27, 2025 at 3:05 PM
‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug
Researchers say tens of thousands of instances remain publicly reachable
Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere ma…
#hackernews #news
Researchers say tens of thousands of instances remain publicly reachable
Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere ma…
#hackernews #news
Clop's extortion streak:
Accellion FTA platform (2020)
SolarWinds Serv-U FTP (2021)
GoAnywhere MFT platform (2023)
MOVEit Transfer (2023)
Cleo file transfer (2024)
E-Business Suite (2025)
via: www.orangecyberdefense.com/global/blog/...
Accellion FTA platform (2020)
SolarWinds Serv-U FTP (2021)
GoAnywhere MFT platform (2023)
MOVEit Transfer (2023)
Cleo file transfer (2024)
E-Business Suite (2025)
via: www.orangecyberdefense.com/global/blog/...
October 12, 2025 at 3:54 PM
Clop's extortion streak:
Accellion FTA platform (2020)
SolarWinds Serv-U FTP (2021)
GoAnywhere MFT platform (2023)
MOVEit Transfer (2023)
Cleo file transfer (2024)
E-Business Suite (2025)
via: www.orangecyberdefense.com/global/blog/...
Accellion FTA platform (2020)
SolarWinds Serv-U FTP (2021)
GoAnywhere MFT platform (2023)
MOVEit Transfer (2023)
Cleo file transfer (2024)
E-Business Suite (2025)
via: www.orangecyberdefense.com/global/blog/...
On these lines , our local bus company used to sell a GoAnywhere ticket - I feel as the destinations were Reading, Wallingford and Henley that rather oversold it
January 27, 2025 at 3:36 PM
On these lines , our local bus company used to sell a GoAnywhere ticket - I feel as the destinations were Reading, Wallingford and Henley that rather oversold it
📣 for immediate 2025 worldwide release ⌛️✈️🗽#aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere
January 12, 2025 at 5:56 PM
📣 for immediate 2025 worldwide release ⌛️✈️🗽#aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere
📣 for immediate 2025 worldwide release ⌛️🗽✈️ #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow
March 17, 2025 at 6:01 PM
📣 for immediate 2025 worldwide release ⌛️🗽✈️ #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow
File transfer platforms are proving irresistible to threat actors. Think #MOVEit, #GoAnywhere.
👉🏻 if you're running CrushFTP, patch immediately to versions 11.3.1+ or 10.8.4+. And consider enabling DMZ perimeter protection if updating isn’t possible.
#ransomNews #cyberSecurity #infosec
👉🏻 if you're running CrushFTP, patch immediately to versions 11.3.1+ or 10.8.4+. And consider enabling DMZ perimeter protection if updating isn’t possible.
#ransomNews #cyberSecurity #infosec
April 10, 2025 at 9:32 AM
File transfer platforms are proving irresistible to threat actors. Think #MOVEit, #GoAnywhere.
👉🏻 if you're running CrushFTP, patch immediately to versions 11.3.1+ or 10.8.4+. And consider enabling DMZ perimeter protection if updating isn’t possible.
#ransomNews #cyberSecurity #infosec
👉🏻 if you're running CrushFTP, patch immediately to versions 11.3.1+ or 10.8.4+. And consider enabling DMZ perimeter protection if updating isn’t possible.
#ransomNews #cyberSecurity #infosec
📣 for immediate 2025 worldwide release ⌛️🗽✈️ #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow #АннаRohit
April 14, 2025 at 5:25 PM
📣 for immediate 2025 worldwide release ⌛️🗽✈️ #aiart #traveltheworld #TravelInspiration #surf #everywhere #worldtravellers #wandertheglobe #Oceans #sea #love #Fly #nyc #goanywhere #LetsGo #TheTimeIsNow #АннаRohit
You can now share your thoughts on vulnerability CVE-2025-3871 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-3871
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-3871
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
cvelistv5 - CVE-2025-3871
Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.
vulnerability.circl.lu
July 16, 2025 at 2:58 PM
You can now share your thoughts on vulnerability CVE-2025-3871 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-3871
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
https://vulnerability.circl.lu/vuln/CVE-2025-3871
Fortra - GoAnywhere MFT
#vulnerabilitylookup #vulnerability #cybersecurity #bot
Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection #cybersecurity #hacking #news #infosec #security #technology #privacy
Fortra GoAnywhere Bug Allows Command Injection
Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra.
www.darkreading.com
September 20, 2025 at 1:19 AM
Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection #cybersecurity #hacking #news #infosec #security #technology #privacy