Aggregator
CVE-2025-61778 | akkadotnet akka.net up to 1.5.51 authentication spoofing
CVE-2025-61687 | FlowiseAI Flowise 3.0.7 unrestricted upload (GHSA-35g6-rrw3-v6xc)
CVE-2025-61766 | weirdgloop mediawiki-extensions-Bucket up to 0.x on MediaWiki recursion
CVE-2025-36355 | IBM Security Verify Access Appliance up to 10.0.9.0 IF2/11.0.1.0 inclusion of functionality from untrusted control sphere
CVE-2025-36354 | IBM Security Verify Access Appliance up to 10.0.9.0 IF2/11.0.1.0 os command injection
CVE-2025-36356 | IBM Security Verify Access Appliance up to 10.0.9.0 IF2/11.0.1.0 unnecessary privileges
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender.
The post Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability appeared first on Microsoft Security Blog.