Fortra® Security & Trust Center

Emerging Threats

Unauthenticated File Upload in SAP NetWeaver

Thu, 04/17/2025

Fortra is actively researching a vulnerability impacting SAP NetWeaver: CVE-2025-31324: CVSS 3.1: 10.

Security Advisory

Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Mon, 04/28/2025

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email. This could lead to a cross-site scripting attack by a malicious user.

Blog

Your Taxes Are Done but the Scammers Aren’t

By Meriam Senouci on Wed, 04/16/2025

This blog conducts a deep dive into a recent and widespread tax scam identified through Fortra’s threat research. It offers the reader a detailed analysis into the email lure and provides insights with predictions into how these scammers can continue targeting victims even after the tax deadline has passed.

Blog

Threat Actor Profile: SheByte Phishing-as-a-Service

By Max Ickert on Thu, 04/17/2025

Security Advisory

Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

Mon, 04/28/2025

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.

Blog

Patch Tuesday Update April 2025

By Tyler Reguly on Fri, 04/11/2025

This is a Patch Tuesday, where the casual observer needs to pay a bit more attention.

Emerging Threats

CrushFTP Authentication Bypass

Tue, 04/08/2025

Fortra is actively researching a critical authentication bypass vulnerability CVE-2025-31161 that allows attackers to bypass authentication and takeover of the CrushFTP admin account on the file transfer server through an exposed HTTP(S) port. The vulnerability can be exploited remotely.

Emerging Threats

Multiple Vulnerabilities Impacting ingress-nginx Controller for Kubernetes

Fri, 01/17/2025

Wiz Research has discovered several vulnerabilities in the ingress-nginx Controller for Kubernetes. These vulnerabilities could expose all secrets stored across all namespaces in the Kubernetes cluster.

Blog

Patch Tuesday Update March 2025

By Tyler Reguly on Thu, 03/13/2025

This is a Patch Tuesday, where the casual observer needs to pay a bit more attention.

Emerging Threats

Multiple Vulnerabilities Impacting VMware ESXi, Workstation, and Fusion Updates

Fri, 03/07/2025

Fortra is actively researching multiple vulnerabilities impacting VMware ESXi, Workstation, and Fusion Updates.

Fortra® Security & Trust Center

Unauthenticated File Upload in SAP NetWeaver

Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Your Taxes Are Done but the Scammers Aren’t

Threat Actor Profile: SheByte Phishing-as-a-Service

Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

Patch Tuesday Update April 2025

CrushFTP Authentication Bypass

Multiple Vulnerabilities Impacting ingress-nginx Controller for Kubernetes

Patch Tuesday Update March 2025

Multiple Vulnerabilities Impacting VMware ESXi, Workstation, and Fusion Updates

Privacy Policy

Cookie Policy

Accessibility

Impressum