
Microsoft Warns: Critical GoAnywhere Bug Actively Exploited in Medusa Ransomware Campaign
Microsoft warns of active zero-day exploitation of a critical vulnerability, CVE-2025-10035, in Fortra’s GoAnywhere MFT platform by the cybercrime group Storm-1175, which is affiliated with the Medusa ransomware operation. The sources explain that this deserialization flaw allows remote access with low complexity and was exploited for several days before a patch was made available. The text also details the multi-stage attack methodology used by Storm-1175, which includes establishing persistence using legitimate remote monitoring tools, conducting network reconnaissance, exfiltrating data with Rclone, and ultimately deploying Medusa ransomware. Finally, the sources offer comprehensive mitigation strategies, urging immediate patching and suggesting defense-in-depth measures, while also advertising the consulting and incident response services of Technijian, a managed IT services provider, to help organizations secure their systems.