Fortra® Security & Trust Center

Blog

February 2026 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/10/2026

Today’s Patch Tuesday Alert addresses Microsoft’s February 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.

Blog

Fortra Patch Priority Index for January 2026

By Lane Thames on Mon, 02/09/2026

Discover January 2026’s top patch priorities, including critical Microsoft and Google vulnerabilities across Windows, Office, Edge, SharePoint, SQL Server, and more.

Blog

SEO Poisoning Marketplace Topping Search Results, Impersonating Top Financial Institutions

By Kyle Skwirsk on Mon, 01/26/2026

Introduction to the HaxorSEO MarketplaceFortra Intelligence and Research Experts (FIRE) have uncovered a group of active malicious threat actors operating since 2020. The group refers to themselves as Haxor, a slang word for hackers, and their marketplace as HxSEO, or HaxorSEO. HxSEO has established its primary base of operations and marketplace on Telegram and WhatsApp. HxSEO stands out for...

Blog

BEC Global Insights Report: December 2025

By JT Newby on Fri, 01/16/2026

This report from Fortra Intelligence & Research Experts (FIRE) outlines key BEC trends for December 2025 based on active defense engagements. Findings include a 1% increase in overall attack volume compared to November, with gift cards as the leading cash-out method (52.8%) and Apple Store cards being most requested (50%).

Blog

January 2026 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/13/2026

Today’s Patch Tuesday Alert addresses Microsoft’s January 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.

Guide

Scripted Sparrow: A Prolific BEC Threat Group

Security Advisory

Weak Password Hash in Core Privileged Access Manager (BoKS)

Tue, 12/16/2025

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

Vulnerability Research

December 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 12/09/2025

Today’s Patch Tuesday Alert addresses Microsoft’s December 2025 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.

Security Advisory

Improper Access Control in SFTP service of GoAnywhere MFT

Fri, 12/05/2025

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key.

Emerging Threats

React Server Component Remote Code Execution Vulnerability

Wed, 12/03/2025

Fortra is actively researching a React Server Component vulnerability that could allow unauthenticated remote code execution.

Fortra® Security & Trust Center

February 2026 Patch Tuesday Analysis

Fortra Patch Priority Index for January 2026

SEO Poisoning Marketplace Topping Search Results, Impersonating Top Financial Institutions

BEC Global Insights Report: December 2025

January 2026 Patch Tuesday Analysis

Scripted Sparrow: A Prolific BEC Threat Group

Weak Password Hash in Core Privileged Access Manager (BoKS)

December 2025 Patch Tuesday Analysis

Improper Access Control in SFTP service of GoAnywhere MFT

React Server Component Remote Code Execution Vulnerability

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Fortra AI Use

Impressum