惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

The Register - Security: Patches

Cisco SD-WAN make-me-root bug under attack Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9 AI is making Patch Tuesday (kinda) fun again Anthropic to release Mythos-class models to the public Clear your calendar, Drupal user: You have a critically urgent patch to install Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs Critical cPanel, WHM flaw probs exploited as 0-day, pros say Microsoft patch fell short. New Windows flaw exploited More Cisco SD-WAN bugs battered in attacks Critical Fortinet sandbox bugs allow auth bypass and RCE Ancient Excel bug comes out of retirement for active attacks Microsoft's massive Patch Tuesday: It's raining bugs Ransomware scum, other crims exploit 4 old Microsoft bugs Attackers exploited the FortiClient EMS bug as a 0-day Citrix NetScaler bug may be multiple flaws in one Ransomware crims abused Cisco 0-day weeks before disclosure Google rushes Chrome update to fix zero-days under attack CISA warns max-severity n8n bug is being exploited in the wild Cisco warns of two more SD-WAN bugs under active attack LexisNexis Legal & Professional confirms data breach Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover Patch these 4 critical, make-me-root SolarWinds bugs ASAP Attacker gets into France's DB listing all bank accounts CISA gives feds 3 days to patch actively exploited Dell bug CISA gives feds 3 days to patch actively exploited Dell bug Google fixes exploited Chrome CSS zero-day Critical Microsoft bug from 2024 under exploitation Apple patches decade-old iOS zero-day exploited in the wild Microsoft's Valentine's gift to admins: 6 zero-day fixes Microsoft's Valentine's gift to admins: 6 zero-day fixes Critical SolarWinds Web Help Desk bug under attack Critical React Native Metro dev server bug under attack Critical React Native Metro dev server bug under attack OpenClaw patches one-click RCE as security Whac-A-Mole continues Ivanti's January bad luck continues as 0-days hit customers Critical VMware vCenter Server bug under attack Critical VMware vCenter Server bug under attack FortiGate SSO bug still exploitable despite December patch Ancient telnet bug happily hands out root to attackers Cisco plugs up Unified Comms zero-day under active exploit Cloudflare whacks WAF bypass bug that opened side door Cloudflare whacks WAF bypass bug that opened side door Anthropic quietly fixed flaws in its Git MCP server Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch Patch Tuesday update makes Windows PCs refuse to shut down Cisco finally fixes max-severity bug under active attack for weeks Cisco finally fixes max-severity bug under attack for weeks Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm Python libraries in AI/ML models can be poisoned w metadata Python libraries in AI/ML models can be poisoned w metadata Ruh-roh, there's a Cisco ISE bug POC on the loose Ruh-roh, there's a Cisco ISE bug POC on the loose CISA flags exploited Office relic alongside fresh HPE flaw Critical n8n bug allows unauthenticated server takeover Logitech mouse mayhem traced to expired dev certificate 'Heartbleed of MongoDB' under active exploit Microsoft fixes Message Queuing issue in new update Microsoft fixes Message Queuing issue in new update Critical-rated WatchGuard Firebox flaw under active attack HPE OneView RCE bug scores a perfect 10 Apple, Google forced to issue emergency 0-day patches Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit Microsoft RasMan 0-day gets an unofficial patch and exploit New React vulns leak secrets, invite DoS attacks Google fixes super-secret 8th Chrome 0-day Microsoft fixes Windows shortcut flaw exploited for years Microsoft fixes Windows shortcut flaw exploited for years Two Android 0-day bugs patched, plus 105 more fixes Fortinet finally cops to critical bug under active exploit Cisco warns of 'new attack variant' battering firewalls Docker Compose vulnerability opens door to host-level writes Microsoft issues out-of-band patch for critical WSUS flaw Vulnerable Rust crate exposes uv Python packager Oracle rushes out another emergency E-Business Suite patch 50K Cisco firewalls remain vulnerable to advanced attacks Critical Cisco firewall holes under active attack SonicWall releases rootkit-busting firmware update SolarWinds patches critical RCE - for the third time Fortra discloses 10/10 severity bug in GoAnywhere MFT OpenAI plugs ShadowLeak bug in ChatGPT Google pushes emergency patch for Chrome 0-day Apple backports patch to older kit after 0-day exploitation
Exploits using GoAnywhere perfect-10 bug confirmed
Connor Jones Connor Jones · 2025-09-26 · via The Register - Security: Patches

Patches

‘An attacker's playground:’ Crims exploit GoAnywhere perfect-10 bug

Researchers say tens of thousands of instances remain publicly reachable

Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra's GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.

The experts over at watchTowr, never ones to mince their words, described the revelation as "an increasingly disappointing situation," criticizing Fortra for not sharing enough details about the exploitation status of CVE-2025-10035.

The Register reported on the vulnerability last week after Fortra disclosed it on September 18. In our story, we noted that Fortra did not confirm whether it was actively being exploited under its "Am I Impacted?" section.

"Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet," it said at the time.

The watchTowr researchers Xeeted that it was likely that exploits had already been successful, and in their latest blog, they said that they received evidence of attacks using the vulnerability on September 10.

According to watchTowr's findings, attackers trigger the pre-auth deserialization bug to achieve remote code execution (RCE) capability, then create backdoor admin accounts and web users before executing multiple follow-on payloads.

"Unfortunately, the picture now painted allows for evidence-based confidence in the concern that Fortra's 'Am I Impacted?' section probably was not Fortra attempting to be overly helpful, but a thinly veiled way of sharing 'Indicators of Compromise,'" the researchers wrote.

They went on to say that, after discovering attacks began eight days prior to Fortra's advisory, researchers have concluded that defenders are at greater risk because they now have to trawl through even more logs to ensure their systems' safety.

Benjamin Harris, CEO and founder of watchTowr, said: "After our initial research into GoAnywhere MFT's CVE-2025-10035 raised more questions than answers, credible evidence shared with the watchTowr team now adds weight to our suspicions. 

"This is not 'just' a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators — it is a vulnerability that has been actively exploited in the wild since at least September 10, 2025. 

"We urge Fortra to clarify the situation. If this evidence and our suspicions hold true, transparency is critical so that organizations using GoAnywhere MFT can make informed decisions, including whether to initiate incident response investigations."

In a blog published earlier this week, the researchers said GoAnywhere MFT is deployed by organizations in the Fortune 500, and that there were more than 20,000 instances still exposed to the internet. No word on how many of these were unpatched, however.

'An attacker's playground'

Given the size of the organizations potentially still vulnerable to CVE-2025-10035, watchTowr said successful exploits could result in "a playground [advanced persistent threat] groups dream about."

The same product was similarly under the industry's microscope in 2023 after it was popped by Cl0p using CVE-2023-0669 (7.2) – a zero-day – as part of a series of attacks on MFT vendors, which in total resulted in thousands of compromises at downstream organizations.

"That was the year of MFT exploitation trauma across multiple vendors, burned into the memory of defenders everywhere," watchTowr said.

After Cl0p had its way with hundreds of GoAnywhere customers in January 2023, in the following months, it then shifted focus to Progress' MOVEit MFT, which resulted in thousands of compromises affecting roughly 96 million individuals, by Emsisoft's reckoning.

CISA also confirmed that CVE-2023-0669 was exploited by leading cybercrime gangs at the time, LockBit and BlackBasta, to deploy ransomware.

The Register contacted Fortra for comment and we'll update this article if and when we receive response. ®