All news with #storm-1175 tag

Active Exploitation of GoAnywhere CVE-2025-10035 Observed

🔒 Microsoft Threat Intelligence warns of active exploitation of a critical deserialization vulnerability in GoAnywhere MFT License Servlet (CVE-2025-10035, CVSS 10.0) that can allow forged license responses to trigger arbitrary object deserialization and potential remote code execution. Activity attributed to Storm-1175 included initial access via this flaw, deployment of RMM tools (SimpleHelp, MeshAgent), and at least one Medusa ransomware incident. Customers should upgrade per Fortra guidance, run EDR in block mode, restrict outbound connections, and use the provided Defender detections and IoCs for hunting and response.