Fortra® Security & Trust Center
Security Advisory
Weak Password Hash in Core Privileged Access Manager (BoKS)
Tue, 12/16/2025
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.
Vulnerability Research
December 2025 Patch Tuesday Analysis
By Tyler Reguly on Tue, 12/09/2025
Today’s Patch Tuesday Alert addresses Microsoft’s December 2025 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expects to ship that coverage as soon as it is completed. In-The-Wild & Disclosed CVEs: CVE-2025-62221: A use-after-free vulnerability in the Windows Cloud Files Mini Filter could allow an authenticated user to...
Security Advisory
Improper Access Control in SFTP service of GoAnywhere MFT
Fri, 12/05/2025
An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key, but limited to Password authentication for SFTP, to still log in using their SSH key.
Emerging Threats
React Server Component Remote Code Execution Vulnerability
Wed, 12/03/2025
Fortra is actively researching a React Server Component vulnerability that could allow unauthenticated remote code execution.
Blog
Case Study: Evolving a Threat Hunting Analytic to Detect Post-Compromise Activity Across Customers
By Jamal Heard on Fri, 11/28/2025
Emerging Threats
FortiWeb UI Path Traversal Vulnerability
Tue, 11/18/2025
Fortra is actively researching a UI Path Traversal Vulnerability in FortiWeb that has been exploited in the wild.
Blog
November 2025 Patch Tuesday Analysis
By Tyler Reguly on Tue, 11/11/2025
Today’s Patch Tuesday Alert addresses Microsoft’s November 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed. In-The-Wild & Disclosed CVEs: CVE-2025-62215: This privilege escalation vulnerability in the Windows Kernel has been rated by Microsoft as Important. Successful...
Blog
BEC Global Insights Report: October 2025
By John Farina on Mon, 11/10/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog
October 2025 Patch Tuesday Analysis
By Tyler Reguly on Tue, 10/14/2025
Today’s Patch Tuesday Alert addresses Microsoft’s October 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed. In-The-Wild & Disclosed CVEs: CVE-2025-47827: The first exploitation detected CVE this month is a vulnerability discovered by Zack Didcott that was disclosed in May...
