Researchers analyze maximum-severity Fortra vulnerability.

Summary

By the CyberWire staff

Researchers analyze maximum-severity Fortra vulnerability.

Researchers at watchTowr have published an analysis of a maximum-severity vulnerability (CVE-2025-10035) affecting Fortra's GoAnywhere Managed File Transfer (MFT) solution. Fortra issued patches for the flaw last week, and users are urged to ensure their deployments are up-to-date. Fortra says users should "[i]mmediately ensure that access to the GoAnywhere Admin Console is not open to the public. Exploitation of this vulnerability is highly dependent upon systems being externally exposed to the internet." watchTowr says 20,000 GoAnywhere instances are currently exposed to the Internet.

Fortra hasn't stated whether the vulnerability has been exploited, but the company stated "Customers are advised to monitor their Admin Audit logs for suspicious activity and the log files for errors containing SignedObject.getObject: If this string is present in an exception stack trace (similar to the following), then the instance was likely affected by this vulnerability." watchTowr notes that this ambiguous wording may imply in-the-wild exploitation.

Protect data. Secure AI. Innovate now. Join us at DataSecAI 2025.

AI adoption is exploding, and security teams are under pressure to keep up. That’s why the industry is coming together at DataSecAI25, the premier event for cybersecurity, data, and AI leaders, hosted by Cyera.

Built for the industry, by the industry, this two-day event is where real-world insights and bold solutions take center stage. DataSecAI25 is happening November 12–13 in Dallas. No cost to attend - just bring your perspective and join the conversation. Register now to save your seat!

China-nexus threat actors deploy BRICKSTORM backdoor against the tech and legal sectors.

Mandiant warns that the China-linked group UNC5221 is using a new version of the BRICKSTORM backdoor to target legal entities, SaaS providers, business process outsourcers, and technology companies. Mandiant notes that "[t]he value of these targets extends beyond typical espionage missions, potentially providing data to feed development of zero-days and establishing pivot points for broader access to downstream victims."

The researchers explain, "BRICKSTORM includes SOCKS proxy functionality and is written in Go, which has wide cross-platform support. This is essential to support the actor’s preference to deploy backdoors on appliance platforms that do not support traditional EDR tools. Mandiant has found evidence of BRICKSTORM on Linux and BSD-based appliances from multiple manufacturers. Although there is evidence of a BRICKSTORM variant for Windows, Mandiant has not observed it in any investigation."

Cloudflare thwarts another record DDoS attack.

Cloudflare mitigated a record-breaking DDoS attack that peaked at 22.2 terabits per second and 10.6 billion packets per second. Cloudflare said in an X post that the attack was "twice as large as anything seen on the Internet before." The attack lasted 40 seconds and targeted the victim with an amount of data equivalent to streaming one million 4K videos simultaneously, according to BleepingComputer.

Notes.

Today's issue includes events affecting , and China the United States.

Attacks, Threats, and Vulnerabilities

A Vietnamese threat actor's shift from PXA Stealer to PureRAT (Huntress) Trace a threat actor's journey from custom Python stealers to a sophisticated commodity RAT. Learn how their tactics evolved and why this shift to .NET matters.

The Scam That Won’t Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube (Bitdefender Labs) Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.

New Report: The Growing Exposure of ICS/OT Devices (Bitsight) A new Bitsight TRACE threat research report shows that Industrial Control System and Operational Technology (ICS/OT) exposure is climbing again. Learn more.

Products, Services, and Solutions

Optiv + ClearShark Achieves CMMC Level 2 Certification, Strengthening Federal Cybersecurity Leadership (Optiv) Optiv + ClearShark, the leading cybersecurity and IT solutions provider focused exclusively on serving the U.S. federal government, today announced it has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 certification, which validates the company’s ability to protect sensitive government data and meet the U.S. Department of Defense’s highest security expectations for contractors.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

DTEX NEXT (Virtual, Oct 7, 2025) DTEX NEXT is where the future of proactive security takes shape. Join us as we unveil our latest advancements in DTEX Insider Risk Management (IRM) and DTEX Risk-Adaptive Data Loss Prevention (DLP), powered by industry-leading behavioral science, advanced AI, and our strategic collaboration with AWS.

Events

Open Source Security Summit 2025 (Virtual, Sep 25, 2025) The sixth annual Open Source Security Summit brings together business leaders, industry visionaries, and technology users to chart a path forward and highlight the future of open source security solutions at this free virtual event. Register now to explore advancements in open source security and how using open source tools can build trust with customers and consumers.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

US Cyber Team® Draft Day (Virtual and Washington, DC, USA, Sep 25, 2025) The mission of the US Cyber Games® is to bring talented cybersecurity athletes, coaches, and industry leaders together to build an elite US Cyber Team for global cybersecurity competition. Games, Esports, and Online Tournaments are the next evolution in preparing tomorrow's workforce.

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 09.25.25

Top stories.

Researchers analyze maximum-severity Fortra vulnerability.

China-nexus threat actors deploy BRICKSTORM backdoor against the tech and legal sectors.

Cloudflare thwarts another record DDoS attack.

Notes.

Attacks, Threats, and Vulnerabilities

Products, Services, and Solutions

Newly Noted Events

Events