Fortra® Security & Trust Center

Emerging Threats

CrushFTP Authentication Bypass

Tue, 04/08/2025
Fortra is actively researching a critical authentication bypass vulnerability CVE-2025-31161 that allows attackers to bypass authentication and takeover of the CrushFTP admin account on the file transfer server through an exposed HTTP(S) port. The vulnerability can be exploited remotely.
Blog

BEC Global Insights Report: March 2025

By John Farina on Fri, 03/07/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog

BEC Global Insights Report: February 2025

By John Farina on Fri, 03/07/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog

BEC Global Insights Report: January 2025

By John Farina on Mon, 02/10/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.