Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection
Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra.
Patch management fixes known software flaws before attackers exploit them, reducing intrusion risk; prioritize critical systems and verify deployment.
Search across headline titles and summaries.
Background for this topic.
Patch is a software, firmware, or configuration update that fixes a defect, including a vulnerability an attacker could use to gain access, execute code, escalate privileges, or expose data. Patching reduces the exploitable attack surface across operating systems, applications, network devices, and embedded systems; it does not remove risk from unsupported or misconfigured assets, and updates can sometimes introduce compatibility or availability problems.
Effective patch management starts with an accurate inventory and vulnerability assessment, then prioritizes internet-facing systems, high-impact assets, and flaws known to be exploited. Organizations should test updates where practical, deploy them within defined time limits, verify installation, and retain rollback or compensating controls when immediate patching is unsafe. Monitoring vendor advisories and threat intelligence can identify urgent fixes, while documenting exceptions and coverage supports vulnerability management and audit requirements.
Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra.
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. [...]
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands
Radware says flaw enabled hidden email prompts to trick Deep Research agent into exfiltrating sensitive data ChatGPT's research assistant sprung a leak – since patched – that let attackers steal Gmail secrets with just a single carefully crafted email.…
Sixth such Chrome flaw this year spotted by the Chocolate Factory, already in play Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running the most recent version of the web browser.…
VC giant rebuilt boxes, patched holes, and says it’s beefed up security – but won’t say who did it Venture capital giant Insight Partners has confirmed that a January ransomware attack compromised the personal data of more than 12,000 people, including employees, former staff, and the firm's usually-secretive limited partners.…
Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. [...]
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild
Startup Plans Unified Remediation for Misconfigurations and Patching, ComplianceRemedio has landed $65 million in funding to develop tools that go beyond detection and automate secure remediation. CEO Tal Kollender says the goal is faster growth, a bigger U.S. sales footprint, and delivering a platform that closes the gap between risk visibility and action.
May have been used in 'extremely sophisticated' attacks against 'specific targeted individuals' Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in what the company calls "extremely sophisticated" attacks.…
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks. [...]
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild
Vulnerabilities are discovered daily—but not every alert matters. SecAlerts pulls from 100+ sources for faster, real-time vuln alerts, filtering the noise so teams can patch quicker and stay secure. [...]