
When GoAnywhere goes wrong.
Fortra confirms an exploitation of the maximum-severity GoAnywhere flaw. Harvard investigates a claim of a breach. Banking Trojan targets Brazilian WhatsApp users. Reduction-in-force hits CISA. SimonMed says 1.2 million hit by Medusa ransomware. Netherlands invokes the Goods Availability Act against a Chinese company. We have our Business Breakdown. On today’s Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And, beware of the shuffler.
Today is October 14th, 2025. I’m Maria Varmazis, host of T-Minus Space Daily sitting in for Dave Bittner. And this is your CyberWire Intel Briefing.
Fortra confirms exploitation of maximum-severity GoAnywhere flaw.
Security firm Fortra has belatedly confirmed in-the-wild exploitation of a maximum-severity vulnerability in its GoAnywhere managed file transfer (MFT) software, which was patched three weeks ago. The vulnerability (CVE-2025-10035) is a deserialization flaw that "allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection."
The US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog two weeks ago, and Microsoft last week published a report on the active exploitation. CISA and Microsoft both say the vulnerability is being used in ransomware campaigns.
Researchers at watchTowr, who published a report on the vulnerability last month, note that some details of the exploitation are still unclear. watchTowr's CEO Ben Harris told CyberScoop that the exploitation implies that "the attacker has somehow circumvented, or satisfied, the cryptographic requirements needed to exploit this vulnerability."
Harvard investigates claims of a breach.
Harvard University has disclosed that it was compromised by a zero-day flaw affecting Oracle’s E-Business Suite (EBS) system, and the school is investigating a potential breach after the Clop ransomware gang listed the university on its leak site. Oracle issued an emergency patch for the flaw (CVE-2025-61882) last week.
A Harvard spokesperson told BleepingComputer, "Harvard is aware of reports that data associated with the University has been obtained as a result of a zero-day vulnerability in the Oracle E-Business Suite system. This issue has impacted many Oracle E-Business Suite customers and is not specific to Harvard. While the investigation is ongoing, we believe that this incident impacts a limited number of parties associated with a small administrative unit. Upon receiving it from Oracle, we applied a patch to remediate the vulnerability. We are continuing to monitor and have no evidence of compromise to other University systems."
Banking Trojan targets Brazilian WhatsApp users.
Sophos describes a malware campaign targeting Brazilian WhatsApp users with a banking Trojan tailored for customers of Brazilian banks and cryptocurrency exchanges. The malware is delivered by tricking users "into executing a malicious file attached to a self-spreading message received from a previously infected WhatsApp web session." It then sends similar malicious messages to all of the victim's contacts.
Sophos has observed first-stage PowerShell activity associated with this campaign "in over 400 customer environments on more than 1,000 endpoints."
Reduction-in-force hits CISA.
As the U.S. government shutdown drags on, CISA is now facing reductions-in-force (RIF) that threaten its already lean operations. With over 1,000 employees already departed this year, CISA had slated only 889 staffers to remain on duty during the shutdown—roughly 35 percent of its workforce. Last week, RIF notices began rolling out across the agency, putting the future staffing levels of its critical cybersecurity divisions at risk. Experts warn that amid rising cyber threats, even temporary staffing gaps could hinder detection, response, and information sharing.
SimonMed says 1.2 million hit by Medusa ransomware.
U.S. medical imaging provider SimonMed Imaging disclosed a data breach affecting 1.2 million patients, stemming from unauthorized access between January 21st and February 5th, 2025. The breach was uncovered when a vendor notified SimonMed of a security incident on January 27th. Investigators confirmed suspicious network activity the next day. Attackers claimed responsibility via the Medusa ransomware group, demanding $1 million and leaking data such as ID scans, patient details, and medical reports. SimonMed responded by resetting passwords, enforcing multi-factor authentication, deploying endpoint detection, and restricting third-party access. So far, SimonMed reports no confirmed misuse of the stolen data and is offering affected individuals free identity protection services.
Netherlands invokes Goods Availability Act against Chinese company.
The Netherlands government has invoked extraordinary powers to override business decisions at Nexperia, a semiconductor firm partly owned by China, citing “serious governance shortcomings.” Under the newly-applied Goods Availability Act, Dutch authorities can block or reverse asset transfers and strategic moves perceived as threats to critical technological know-how. Nexperia’s parent, Wingtech, condemned the decree as geopolitically motivated and vowed to appeal in court. The move reflects broader concerns over Chinese influence and intellectual property transfer in the semiconductor sector, especially where cutting-edge technology like lithography is involved. Dutch security agencies have previously warned of escalating Chinese espionage efforts against domestic research institutions.
First penalty of UK’s Online Safety Act issued.
The UK regulator Ofcom has issued a £20,000 fine to U.S.-based forum 4chan, marking the first enforcement under the UK’s Online Safety Act. The penalty stems from 4chan’s failure to respond to legally mandated requests for its “illegal harms” risk assessment and other compliance documentation. Ofcom will also impose an extra £100 daily fine for up to 60 days if the site still doesn’t comply. 4chan’s lawyers contend Ofcom lacks authority over a U.S. platform and refuse to pay, arguing the action conflicts with America’s free speech protections. The clash spotlights growing tension over jurisdiction in regulating online platforms.
Business Breakdown:
Last week’s Business Breakdown highlights a staggering $250 million raised across 7 investments and 12 acquisitions.
On the investment front, French open-source cybersecurity solution provider, Filigran, finished its Series C round, raising $58 million. This funding will be used to accelerate the company’s development of its OpenGRC platform, which is an open-source platform for Threat-Informed Cyber Risk Management. Alongside further developing this platform, Filigran is also looking to scale its presence in Saudi Arabia, Japan, the US, and the DACH region.
For acquisitions, the digital consulting firm, Synechron, acquired three companies as it looks to launch its new global ServiceNow business. The three companies are RapDev, Calitii, and Waivgen. RapDev is one of the world’s largest Datadog partners, Waivgen is a leading Appian partner, and Calitii architects and delivers full-scale ServiceNow implementations. Alongside debuting a global ServiceNow business, Synechron is also looking to expand outside the financial sector into new markets such as healthcare and energy.
Additionally, SAIC, the Virginia-based defense contractor, has acquired SilverEdge Government Solutions for $205 million. With this acquisition, SAIC is looking to incorporate SilverEdge’s flagship product, SOAR, into its offerings. SOAR is a SaaS service that utilizes automation, AI/ML, data visualization, and cross-domain capabilities to deliver turnkey, customizable software solutions to clients.
And that wraps this week’s Business Breakdown. For deeper analysis on major business moves shaping the cybersecurity landscape, subscribe to N2K Pro and check out TheCyberWire.com every Wednesday for the latest updates.
Stick around after the break. On today’s Industry Voices, we are joined by Mickey Bresman sharing insights on hybrid identity security. And beware of the shuffler.
On today’s Industry Voices, Dave Bittner recently sat down with Mickey Bresman, Semperis CEO, who shared insights on hybrid identity security and their HIP Conference. Here is their conversation.
That was Mickey Bresman, Semperis CEO, sharing insights on hybrid identity security and their HIP Conference.
Beware of the shuffler.
And finally, a group of researchers hacked an automatic card shuffler used in casinos by sneaking tiny sensors and wireless gear inside—basically turning a blackjack shoe into a spy gadget. The mod lets them track cards’ positions as they get shuffled and deliver real-time advice to a player’s phone. Wagers aside, it’s a brilliant act of “low-tech villainy meets high-tech mischief.” Casinos take note: even your shuffler might be listening.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Maria Varmazis in this week for Dave Bittner. Thanks for listening.

