Microsoft Warns Critical GoAnywhere Security Bug Is Being Exploited by Ransomware Gang, so Be on Your Guard
Storm-1175 has exploited a critical zero-day flaw in GoAnywhere MFT since early September, enabling remote code execution and wide Medusa ransomware deployment, Microsoft confirmed.
7 Articles
Attackers Deployed Medusa Ransomware Via GoAnywhere Zero-Day
Cybercriminals exploited a critical deserialization flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) tool—tracked as CVE-2025-10035—to drop Medusa ransomware, Microsoft disclosed Monday. The campaign, attributed to a group Microsoft tracks as Storm-1175, illustrates how file-transfer infrastructure once again becomes a staging ground for high-impact attacks. According to Microsoft, Storm-1175 used the vulnerability to gain initial access …
Microsoft has tracked the threat group Storm-1175 as exploiting the critical vulnerability CVE-2025-10035 (CVSS score: 10.0) in Fortra GoAnywhere software to deploy the Medusa ransomware. This vulnerability could lead to command injection and remote code execution. The attackers exploited this vulnerability to perform system and user discovery, maintain access, and deploy tools for lateral movement and malware distribution. Microsoft confirmed that…
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware - Cybernoz - Cybersecurity News
A critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tracked as Storm-1175 have abused this issue to gain remote code execution (RCE) on exposed systems, leading to widespread compromise. Vulnerability Analysis CVE-2025-10035…
Coverage Details
Bias Distribution
- 100% of the sources are Center