Fortra® Security & Trust Center

Emerging Threats

Commvault Remote Code Execution

Wed, 08/20/2025

Fortra is actively researching a critical remote code execution (RCE) vulnerability in Commvault (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, CVE-2025-57791) that allows attackers to bypass authentication and execute code on affected systems. The primary recommendation is to upgrade affected Commvault versions to the patched releases immediately.

Security Advisory

Unrestricted File Upload in FileCatalyst

Tue, 08/19/2025

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.

Blog

BEC Global Insights Report: July 2025

By John Farina on Fri, 08/15/2025

The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.

Emerging Threats

FortiSIEM Remote Unauthenticated Command Injection

Thu, 08/14/2025

Fortra is actively researching improper neutralization of special elements used in an OS command injection vulnerability [CWE-78] in FortiSIEM.

Vulnerability Research

August 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/12/2025

Today’s Patch Tuesday Alert addresses Microsoft’s August 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1169 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-53779A vulnerability in Windows Server 2025 allows authorized users with access to the msds-groupMSAMembership and msds...

Blog

The Command Line Gap: How Metasploit Abuse and SOC Undertraining Are Leaving Organizations Exposed

By Vanessa Amond on Fri, 08/01/2025

Blog

Threat Group Tycoon2fa Targeting C-Suite in New Wave of QR Attacks

By Daud Jawad on Thu, 07/31/2025

Emerging Threats

CrushFTP Zero-Day Exploited in the Wild

Tue, 07/22/2025

Fortra is actively researching a zero-day exploit impacting CrushFTP.

Blog

CVE-2025-1727 and Railway Cybersecurity

By Meriam Senouci on Mon, 07/21/2025

Learn about CVE-2025-1727, a high severity vulnerability that impacts railway systems, its impacts on critical infrastructure, and how federal compliance regulations can help defend against the threat of exploitation.

Emerging Threats

Microsoft SharePoint Server Remote Code Execution Vulnerability

Mon, 07/21/2025

Fortra is actively researching a remote code execution vulnerability in Microsoft SharePoint Server.

Fortra® Security & Trust Center

Commvault Remote Code Execution

Unrestricted File Upload in FileCatalyst

BEC Global Insights Report: July 2025

FortiSIEM Remote Unauthenticated Command Injection

August 2025 Patch Tuesday Analysis

The Command Line Gap: How Metasploit Abuse and SOC Undertraining Are Leaving Organizations Exposed

Threat Group Tycoon2fa Targeting C-Suite in New Wave of QR Attacks

CrushFTP Zero-Day Exploited in the Wild

CVE-2025-1727 and Railway Cybersecurity

Microsoft SharePoint Server Remote Code Execution Vulnerability

Privacy Policy

Cookie Policy

Accessibility

Impressum