Fortra® Security & Trust Center

Blog

The Command Line Gap: How Metasploit Abuse and SOC Undertraining Are Leaving Organizations Exposed

By Vanessa Amond on Fri, 08/01/2025

Blog

Threat Group Tycoon2fa Targeting C-Suite in New Wave of QR Attacks

By Daud Jawad on Thu, 07/31/2025

Emerging Threats

CrushFTP Zero-Day Exploited in the Wild

Tue, 07/22/2025

Fortra is actively researching a zero-day exploit impacting CrushFTP.

Blog

CVE-2025-1727 and Railway Cybersecurity

By Meriam Senouci on Mon, 07/21/2025

Learn about CVE-2025-1727, a high severity vulnerability that impacts railway systems, its impacts on critical infrastructure, and how federal compliance regulations can help defend against the threat of exploitation.

Emerging Threats

Microsoft SharePoint Server Remote Code Execution Vulnerability

Mon, 07/21/2025

Fortra is actively researching a remote code execution vulnerability in Microsoft SharePoint Server.

Security Advisory

Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT Prior to 7.8.1

Wed, 07/16/2025

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password (GOTP) email two-factor authentication (2FA) and the user has not set an email address. In this scenario, the attacker may enter the email address of a known user when prompted and the user will be disabled if that user has...

Blog

Recapping the APWG Phishing Activity Trends Report from Q1 2025

By Meriam Senouci on Tue, 07/15/2025

APWG’s quarterly Phishing Activity Trends Report analyzes phishing trends and insights reported to APWG by their member companies and research partners. This blog provides a high-level overview of the latest phishing trends to watch out for, in addition to quotes and insights from Fortra experts.

Emerging Threats

FortiWeb Unauthenticated SQL Injection in GUI

Fri, 07/11/2025

Fortra is actively researching a critical unauthenticated SQL injection vulnerability affecting FortiWeb products identified as CVE-2025-25257. This vulnerability allows remote attackers to execute arbitrary SQL commands via crafted HTTP(s) requests without authentication, potentially resulting in full system compromise.

Blog

Active Phishing Campaign Targeting Job Seekers

By Israel Cerda on Thu, 07/10/2025

Blog

July 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/08/2025

Today’s Patch Tuesday Alert addresses Microsoft’s July 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1164 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2025-49719The only publicly disclosed vulnerability this month is an information disclosure in Microsoft SQL Server. Successful...

Fortra® Security & Trust Center

The Command Line Gap: How Metasploit Abuse and SOC Undertraining Are Leaving Organizations Exposed

Threat Group Tycoon2fa Targeting C-Suite in New Wave of QR Attacks

CrushFTP Zero-Day Exploited in the Wild

CVE-2025-1727 and Railway Cybersecurity

Microsoft SharePoint Server Remote Code Execution Vulnerability

Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT Prior to 7.8.1

Recapping the APWG Phishing Activity Trends Report from Q1 2025

FortiWeb Unauthenticated SQL Injection in GUI

Active Phishing Campaign Targeting Job Seekers

July 2025 Patch Tuesday Analysis

Privacy Policy

Cookie Policy

Accessibility

Impressum