GoAnywhere MFT Zero-Day Exploited for Medusa Ransomware

A cybercrime group is actively exploiting a critical zero-day vulnerability in Fortra's GoAnywhere MFT software to deploy Medusa ransomware. Tracked as CVE-2025-10035, the maximum-severity flaw allows for remote code execution and was leveraged in attacks before a patch was available. Attackers gain initial access through the vulnerability, then use remote management tools for persistence and move laterally across networks. The group exfiltrates data before deploying the ransomware payload to encrypt victim files, impacting numerous critical infrastructure organizations. Security experts urge administrators to immediately upgrade to the latest patched version and inspect system logs for signs of compromise.

Latest mentioned: 10-06

Earliest mentioned: 10-06

Sources

microsoft.com bleepingcomputer.com cybersum.net

Also Read

BRONZE BUTLER Exploits LANSCOPE Zero-Day for Data Theft

In mid-2025, Secureworks CTU researchers uncovered a sophisticated cyber campaign by the BRONZE BUTLER group, exploiting a zero-day vulnerability in Motex LANSCOPE Endpoint Manager. This group, active since 2010, has a history of targeting specific organizations and government entities. The vulnerability, CVE-2025-61932, allows remote attackers to execute arbitrary commands with SYSTEM privileges. The campaign involved deploying Gokcpdoor and Havoc C2 frameworks, using legitimate tools like goddi and 7-Zip for data exfiltration. International cybersecurity authorities quickly responded, highlighting the severity of the threat.

10-31Read more →