Explore how Microsoft connects cybercriminals to a significant ransomware exploit impacting organizations worldwide.
Storm‑1175 is a cybercriminal group known for its sophisticated ransomware attacks targeting major infrastructure.
Learn about the critical flaw in GoAnywhere MFT that has made organizations vulnerable to cyber threats.
CVE‑2025‑10035 is a deserialization bug that allows unauthorized command injection, leading to major exploits.
GoAnywhere released patches in versions 7.8.4 and 7.6.3 to fix the reported vulnerabilities.
Exploitation began on September 10, 2025, impacting various organizations and prompting urgent defenses.
Attackers used SimpleHelp and MeshAgent to maintain control over compromised systems and facilitate access.
The attack involved system discovery, lateral movement, and command and control through Cloudflare tunnels.
Rclone was identified in victim environments, indicating how data was extracted during the attack.
The campaign culminated in the deployment of Medusa ransomware, locking down affected networks.
Experts criticize Fortra for not being transparent about the vulnerabilities and delays in communication.
Understanding these attacks helps promote digital security awareness and preparedness across all organizations.
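
An added example, not from the original page or from Fortra or Microsoft: a triage of a GoAnywhere MFT inventory against the fixed versions (7.8.4 and 7.6.3) and the exploitation start date (September 10, 2025) given above. The inventory schema (`name`, `version`, `vulnerable_until`) and the host names are constructed, and the code assumes 7.6.3 fixes only the 7.6 branch while every other branch needs 7.8.4 or later.

```python
from datetime import date

# Values taken from the page; the branch rule is an assumption (see lead-in).
FIXED_BY_BRANCH = {(7, 6): (7, 6, 3)}    # 7.6 branch is fixed in 7.6.3
FIXED_DEFAULT = (7, 8, 4)                # any other branch needs 7.8.4 or later
EXPLOITATION_START = date(2025, 9, 10)

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a plain x.y.z."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_fixed(version):
    """True if this build carries the fix for CVE-2025-10035."""
    # Tuples compare numerically, so 7.6.10 correctly sorts after 7.6.3.
    return version >= FIXED_BY_BRANCH.get(version[:2], FIXED_DEFAULT)

def triage(host):
    """Map one inventory record (hypothetical schema) to an action."""
    version = parse_version(host["version"])
    if version is None:
        return "verify-manually"      # unknown build: never assume it is safe
    if not is_fixed(version):
        return "patch-and-hunt"       # still exposed to the flaw
    last_vulnerable = host.get("vulnerable_until")
    if last_vulnerable is not None and last_vulnerable >= EXPLOITATION_START:
        return "hunt"                 # fixed now, but exposed during active exploitation
    return "ok"

def run_triage(inventory):
    """Return {host name: action} for the whole inventory."""
    return {host["name"]: triage(host) for host in inventory}

# Constructed sample inventory; vulnerable_until is the last date the host
# ran a vulnerable build (None if it never ran one).
INVENTORY = [
    {"name": "mft-a", "version": "7.8.3", "vulnerable_until": None},
    {"name": "mft-b", "version": "7.6.3", "vulnerable_until": date(2025, 9, 25)},
    {"name": "mft-c", "version": "7.6.10", "vulnerable_until": None},
    {"name": "mft-d", "version": "7.7.9", "vulnerable_until": None},
    {"name": "mft-e", "version": "7.8", "vulnerable_until": None},
]

if __name__ == "__main__":
    for name, action in run_triage(INVENTORY).items():
        print(f"{name}: {action}")
```

Hosts marked `hunt` are the ones to check for the post-exploitation tooling the page lists (SimpleHelp, MeshAgent, Cloudflare tunnels, Rclone), since upgrading does not undo an earlier compromise.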