Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day
A critical deserialization vulnerability in Fortra GoAnywhere MFT (CVE-2025-10035) was exploited in the wild at least eight days before patches were released.
Two zero-day Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) were chained to deploy malware and enable arbitrary code execution on compromised servers.
Update Chrome immediately to patch CVE-2025-10585, a V8 type-confusion vulnerability actively exploited to enable crashes, arbitrary code execution, and potential system compromise.
Critical memory-overflow and access-control vulnerabilities in Citrix NetScaler ADC/Gateway allow remote code execution, denial-of-service, and are being actively exploited.
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Murky Panda exploits trusted cloud relationships, internet-facing appliances, and supply-chain weaknesses to gain access and deploy a Golang RAT called CloudedHope.