Fortra® Security & Trust Center

Blog

February 2026 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/10/2026

window._wq = window._wq || []; _wq.push({ id: "pfkv3uwo6m", options: { preload: "auto" } }); Today’s Patch Tuesday Alert addresses Microsoft’s February 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2026-21519A type...

Blog

January 2026 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/13/2026

window._wq = window._wq || []; _wq.push({ id: "8cnkqcdcuf", options: { preload: "auto" } }); Today’s Patch Tuesday Alert addresses Microsoft’s January 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2026-20805A...

Guide

Scripted Sparrow: A Prolific BEC Threat Group

Security Advisory

Weak Password Hash in Core Privileged Access Manager (BoKS)

Tue, 12/16/2025

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

Vulnerability Research

December 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 12/09/2025

window._wq = window._wq || []; _wq.push({ id: "80g9xzse35", options: { preload: "auto" } }); Today’s Patch Tuesday Alert addresses Microsoft’s December 2025 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2025-62221A use...

Security Advisory

Improper Access Control in SFTP service of GoAnywhere MFT

Fri, 12/05/2025

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.

Emerging Threats

React Server Component Remote Code Execution Vulnerability

Wed, 12/03/2025

Fortra is actively researching a React Server Component vulnerability that could allow unauthenticated remote code execution.

Blog

Case Study: Evolving a Threat Hunting Analytic to Detect Post-Compromise Activity Across Customers

By Jamal Heard on Fri, 11/28/2025

Emerging Threats

FortiWeb UI Path Traversal Vulnerability

Tue, 11/18/2025

Fortra is actively researching a UI Path Traversal Vulnerability in FortiWeb that has been exploited in the wild.

Blog

November 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 11/11/2025

window._wq = window._wq || []; _wq.push({ id: "1743wfafmo", options: { preload: "auto" } }); Today’s Patch Tuesday Alert addresses Microsoft’s November 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2025-62215This privilege...

Fortra® Security & Trust Center

February 2026 Patch Tuesday Analysis

January 2026 Patch Tuesday Analysis

Scripted Sparrow: A Prolific BEC Threat Group

Weak Password Hash in Core Privileged Access Manager (BoKS)

December 2025 Patch Tuesday Analysis

Improper Access Control in SFTP service of GoAnywhere MFT

React Server Component Remote Code Execution Vulnerability

Case Study: Evolving a Threat Hunting Analytic to Detect Post-Compromise Activity Across Customers

FortiWeb UI Path Traversal Vulnerability

November 2025 Patch Tuesday Analysis

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Fortra AI Use

Impressum