Fortra confirms exploitation of maximum-severity GoAnywhere flaw.

Summary

By the CyberWire staff

Fortra confirms exploitation of maximum-severity GoAnywhere flaw.

Security firm Fortra has belatedly confirmed in-the-wild exploitation of a maximum-severity vulnerability in its GoAnywhere managed file transfer (MFT) software, which was patched three weeks ago, CyberScoop reports. The vulnerability (CVE-2025-10035) is a deserialization flaw that "allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection."

The US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog two weeks ago, and Microsoft last week published a report on the active exploitation. CISA and Microsoft both say the vulnerability is being used in ransomware campaigns.

Researchers at watchTowr, who published a report on the vulnerability last month, note that some details of the exploitation are still unclear. watchTowr's CEO Ben Harris told CyberScoop that the exploitation implies that "the attacker has somehow circumvented, or satisfied, the cryptographic requirements needed to exploit this vulnerability."

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

Harvard investigates claims of a breach.

Harvard University has disclosed that it was compromised by a zero-day flaw affecting Oracle’s E-Business Suite (EBS) system, and the school is investigating a potential breach after the Clop ransomware gang listed the university on its leak site. Oracle issued an emergency patch for the flaw (CVE-2025-61882) last week.

A Harvard spokesperson told BleepingComputer, "Harvard is aware of reports that data associated with the University has been obtained as a result of a zero-day vulnerability in the Oracle E-Business Suite system. This issue has impacted many Oracle E-Business Suite customers and is not specific to Harvard. While the investigation is ongoing, we believe that this incident impacts a limited number of parties associated with a small administrative unit. Upon receiving it from Oracle, we applied a patch to remediate the vulnerability. We are continuing to monitor and have no evidence of compromise to other University systems."

SecAI+: CompTIA’s first AI certification.

CompTIA is developing their first-ever certification focused on artificial intelligence in cybersecurity. The SecAI+certification aims to help mid-career cybersecurity professionals demonstrate competencies with AI tools. Learn how N2K can help you get a jumpstart on preparing for this new certification today.

Banking Trojan targets Brazilian WhatsApp users.

Sophos describes a malware campaign targeting Brazilian WhatsApp users with a banking Trojan tailored for customers of Brazilian banks and cryptocurrency exchanges. The malware is delivered by tricking users "into executing a malicious file attached to a self-spreading message received from a previously infected WhatsApp web session." It then sends similar malicious messages to all of the victim's contacts.

Sophos has observed first-stage PowerShell activity associated with this campaign "in over 400 customer environments on more than 1,000 endpoints."

Notes.

Today's issue includes events affecting , and Brazil the United States.

Attacks, Threats, and Vulnerabilities

SimonMed says 1.2 million patients impacted in January data breach (BleepingComputer) U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive information.

Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating (WIRED) Security researchers accessed an internal camera inside the Deckmate 2 shuffler to learn the exact deck order—and the hand of every player at a poker table.

Legislation, Policy, and Regulation

Government Shutdown Fallout: RIF Notices Hit CISA as Cyber Threats Rise (ClearanceJobs) As the government shutdown continues, it could be a good time for hackers, cyber criminals, and even America’s adversaries, warned cybersecurity experts.

Nexperia: Dutch government takes control of China-owned chip firm (BBC: World News & Stories) The move, which is aimed to protect supplies of technology, could raise tensions between the EU and China.

Litigation, Investigation, and Law Enforcement

UK fines 4chan over noncompliance with Online Safety Act (The Record) Britain's communications regulator took another step in a process that could lead to internet service providers being required to block access to 4chan.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

AFRL Space Cyber Summit (Albuquerque, New Mexico, USA, Oct 15 - 16, 2025) The AFRL Space Cyber Summit is an annual event hosted by the Air Force Research Laboratory (AFRL) to bring together experts from government, academia, and industry to advance space cyber expertise and technologies, foster community-wide collaboration, and anticipate future technology growth in a cyber-contested space domain. The summit aims to develop cyber-secure systems for space, protect against evolving threats, and identify opportunities for collaboration and innovation.

ISC2 Security Congress 2025 (Nashville + Virtual, Tennessee, USA, Oct 29 - 31, 2025) Join thousands of cybersecurity experts at ISC2 Security Congress 2025 and help lead the future of our connected world. Gain the insights you need to stay ahead of the evolving digital landscape. From innovative software to new security strategies, ISC2 Security Congress 2025 is designed to ensure you can navigate tomorrow’s threats.

Cyber Innovation Day 2025 | Datatribe (Washington, DC, USA, Nov 4, 2025) If you’re raising a seed or pre-seed round and are building the next category-defining company, we want to hear from you! The DataTribe Challenge is the headline event of the afternoon at Cyber Innovation Day 2025, where five finalists take the stage after weeks of hands-on coaching from seasoned startup operators and investors. These five finalists—along with additional promising startups—will exhibit in the Cyber Innovation Expo Hall, gaining high-impact exposure to top investors, cybersecurity leaders, and strategic partners.

CYBERWARCON (Virtual and Arlington, Virginia, USA, Nov 19, 2025) CYBERWARCON is a one-day conference in Arlington, VA focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. CYBERWARCON is not a hacker conference, or an ICS conference, or an international policy conference. The central purpose of this conference is to identify and explore threats. Participants and attendees come from a spectrum of backgrounds, including the military and government, academia, the media, and the private sector.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 10.14.25

Top stories.

Fortra confirms exploitation of maximum-severity GoAnywhere flaw.

Harvard investigates claims of a breach.

Banking Trojan targets Brazilian WhatsApp users.

Notes.

Attacks, Threats, and Vulnerabilities

Legislation, Policy, and Regulation

Litigation, Investigation, and Law Enforcement

Events