Fortra® Security & Trust Center

Blog

June 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 06/10/2025

Today’s Patch Tuesday Alert addresses Microsoft’s June 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1160 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2025-33053A WebDAV code execution vulnerability, CVE-2025-33053 requires that a user open a malicious .URL file for compromise to...

Blog

Top Five AI Threats to Watch Out for in H2 2025

By Meriam Senouci on Wed, 05/21/2025

AI threats can be plentiful and widespread. This blog breaks through the noise by identifying the top five riskiest AI threats to pay attention to this year. Fortra’s threat research breaks down what these threats are, how they are carried out by threat actors, and the risks they pose to all organizations regardless of size or industry.

Blog

Threat Analysis: Malicious NPM Package Leveraged in O365 Phishing Attack

By Israel Cerda on Tue, 05/20/2025

Blog

Patch Tuesday Update May 2025

By Tyler Reguly on Thu, 05/15/2025

Tyler Reguly covers the recent Patch Tuesday updates, with notable vulnerabilities such as four critical CVEs that scored above a CVSS 9.0.

Blog

BEC Global Insights Report: April 2025

By John Farina on Wed, 05/07/2025

The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.

Security Advisory

Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

Mon, 04/28/2025

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.

Security Advisory

Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Mon, 04/28/2025

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email. This could lead to a cross-site scripting attack by a malicious user.

Emerging Threats

Unauthenticated File Upload in SAP NetWeaver

Thu, 04/17/2025

Fortra is actively researching a vulnerability impacting SAP NetWeaver: CVE-2025-31324: CVSS 3.1: 10.

Blog

Threat Actor Profile: SheByte Phishing-as-a-Service

By Max Ickert on Thu, 04/17/2025

Blog

Your Taxes Are Done but the Scammers Aren’t

By Meriam Senouci on Wed, 04/16/2025

This blog conducts a deep dive into a recent and widespread tax scam identified through Fortra’s threat research. It offers the reader a detailed analysis into the email lure and provides insights with predictions into how these scammers can continue targeting victims even after the tax deadline has passed.

Fortra® Security & Trust Center

June 2025 Patch Tuesday Analysis

Top Five AI Threats to Watch Out for in H2 2025

Threat Analysis: Malicious NPM Package Leveraged in O365 Phishing Attack

Patch Tuesday Update May 2025

BEC Global Insights Report: April 2025

Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Unauthenticated File Upload in SAP NetWeaver

Threat Actor Profile: SheByte Phishing-as-a-Service

Your Taxes Are Done but the Scammers Aren’t

Privacy Policy

Cookie Policy

Accessibility

Impressum