Fortra® Security & Trust Center

Security Advisory

Unrestricted File Upload in FileCatalyst

Tue, 08/19/2025
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page.
FI-2025-010
High
CVE-2025-8450
Blog

BEC Global Insights Report: September 2025

By John Farina on Fri, 08/15/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog

BEC Global Insights Report: August 2025

By John Farina on Fri, 08/15/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog

BEC Global Insights Report: July 2025

By John Farina on Fri, 08/15/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Patch Tuesday Analysis
Vulnerability Research

August 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/12/2025
window._wq = window._wq || []; _wq.push({ id: "j33dm1zdrk", options: { preload: "auto" } }); Today’s Patch Tuesday Alert addresses Microsoft’s August 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1169 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-53779A vulnerability in...
Threat Research & Intelligence
Vulnerability Management
railway
Blog

CVE-2025-1727 and Railway Cybersecurity

Mon, 07/21/2025
Learn about CVE-2025-1727, a high severity vulnerability that impacts railway systems, its impacts on critical infrastructure, and how federal compliance regulations can help defend against the threat of exploitation.