Fortra® Security & Trust Center

Blog

Top Five AI Threats to Watch Out for in H2 2025

By Meriam Senouci on Wed, 05/21/2025

AI threats can be plentiful and widespread. This blog breaks through the noise by identifying the top five riskiest AI threats to pay attention to this year. Fortra’s threat research breaks down what these threats are, how they are carried out by threat actors, and the risks they pose to all organizations regardless of size or industry.

Blog

Threat Analysis: Malicious NPM Package Leveraged in O365 Phishing Attack

By Israel Cerda on Tue, 05/20/2025

Blog

Patch Tuesday Update May 2025

By Tyler Reguly on Thu, 05/15/2025

Tyler Reguly covers the recent Patch Tuesday updates, with notable vulnerabilities such as four critical CVEs that scored above a CVSS 9.0.

Security Advisory

Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

Mon, 04/28/2025

When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0.

Security Advisory

Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Mon, 04/28/2025

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email. This could lead to a cross-site scripting attack by a malicious user.

Emerging Threats

Unauthenticated File Upload in SAP NetWeaver

Thu, 04/17/2025

Fortra is actively researching a vulnerability impacting SAP NetWeaver: CVE-2025-31324: CVSS 3.1: 10.

Blog

Threat Actor Profile: SheByte Phishing-as-a-Service

By Max Ickert on Thu, 04/17/2025

Blog

Your Taxes Are Done but the Scammers Aren’t

By Meriam Senouci on Wed, 04/16/2025

This blog conducts a deep dive into a recent and widespread tax scam identified through Fortra’s threat research. It offers the reader a detailed analysis into the email lure and provides insights with predictions into how these scammers can continue targeting victims even after the tax deadline has passed.

Blog

Patch Tuesday Update April 2025

By Tyler Reguly on Fri, 04/11/2025

This is a Patch Tuesday, where the casual observer needs to pay a bit more attention.

Emerging Threats

CrushFTP Authentication Bypass

Tue, 04/08/2025

Fortra is actively researching a critical authentication bypass vulnerability CVE-2025-31161 that allows attackers to bypass authentication and takeover of the CrushFTP admin account on the file transfer server through an exposed HTTP(S) port. The vulnerability can be exploited remotely.

Fortra® Security & Trust Center

Top Five AI Threats to Watch Out for in H2 2025

Threat Analysis: Malicious NPM Package Leveraged in O365 Phishing Attack

Patch Tuesday Update May 2025

Disclosure of sensitive information in an error message in GoAnywhere prior to version 7.8.0

Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Unauthenticated File Upload in SAP NetWeaver

Threat Actor Profile: SheByte Phishing-as-a-Service

Your Taxes Are Done but the Scammers Aren’t

Patch Tuesday Update April 2025

CrushFTP Authentication Bypass

Privacy Policy

Cookie Policy

Accessibility

Impressum