Alert over Medusa ransomware attacks targeting Fortra MFT

Image for article Alert over Medusa ransomware attacks targeting Fortra MFT
News Source : ComputerWeekly.com

News Summary

  • Fortra issued its own advisory, and a patch, on 18 September, but now, almost three weeks down the line, Microsoft said it had observed a cyber criminal actor exploiting the Fortra flaw.
  • CVE-2025-10035 is a critical deserialisation flaw – bearing a CVSS score of 10.0 – in the GoAnywhere MFT licence servlet.
  • Left unaddressed, it enables a threat actor who has obtained a validly forged licence response signature to deserialise an arbitrary, actor-controlled object.
Fortra, the manufacturer of the widely used GoAnywhere managed file transfer (MFT) tool, has once again found itself at the centre of a gathering cyber storm after Microsoft warned it was tracking ma [+3466 chars]

Must read Articles