Topic: indicators of compromise

  • Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform, scoring 10.0 in severity, was exploited in zero-day attacks due to a deserialization flaw, with patches released on September 15, 2025. Evidence shows exploitation began as early as September 10, 2025, giving attackers an ...

  • Fortra GoAnywhere MFT Zero-Day Actively Exploited

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT was exploited for over a week before a patch was released on September 18, 2025, allowing attackers to achieve remote code execution. The flaw, a deserialization vulnerability with a CVSS score of 10.0, enabled threat actors to ...

  • SystemBC Malware Hijacks VPS Servers as Proxy Gateways

    The SystemBC proxy botnet targets vulnerable commercial virtual private servers, maintaining around 1,500 daily compromised systems to route malicious traffic and mask cybercriminal activities. It is widely used by ransomware groups and other threat actors, leveraging unpatched security flaws in ...

  • Major Cybersecurity Firms Impacted by Salesloft Data Breach

    A data breach at Salesloft impacted over 700 organizations, including major cybersecurity firms, by compromising OAuth tokens to access Salesforce databases and Google Workspace accounts. Attackers, identified as UNC6395, targeted AWS access keys, passwords, and Snowflake tokens, posing risks for...

  • Sitecore Zero-Day Exploit Actively Attacked (CVE-2025-53690)

    A critical zero-day vulnerability (CVE-2025-53690) in Sitecore on-premises deployments is being actively exploited, allowing unauthorized access and remote code execution. Attackers leverage a known sample ASP.NET machine key to exploit ViewState deserialization, enabling them to deploy malware, ...
