Wednesday , June 25 2025

GoAnywhere Zero-Day Attack Hits Major Orgs

More organizations are emerging to confirm impact from the newly disclosed in-the-wild zero-day exploits hitting Fortra’s GoAnywhere managed file transfer (MFT) software.

Tracked as CVE-2023-0669, the vulnerability was publicly disclosed in early February alongside zero-day exploitation and a patch was released a week later.

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

Soon after, attacks targeting the security defect were linked to a Russian-speaking threat actor called ‘Silence’ that has been linked to the distribution of the Cl0p ransomware.

Over the past week, the ransomware group started posting on their Tor-based leak site the names of organizations allegedly impacted by the incident, including the City of Toronto, luxury brand retailer Saks Fifth Avenue, American education platform Pluralsight, consumer goods giant Procter & Gamble, mining company Rio Tinto, and the U.K.’s Pension Protection Fund (PPF).

Previously, sustainable energy giant Hitachi Energy, California-based digital bank Hatch Bank, cybersecurity firm Rubrik, and healthcare provider Community Health Systems confirmed impact from the GoAnywhere attack.

Responding to a SecurityWeek inquiry, the City of Toronto confirmed that some data was compromised in an incident at a third-party vendor, without specifically naming Fortra’s GoAnywhere service.

“The access is limited to files that were unable to be processed through the third-party secure file transfer system. The City is actively investigating the details of the identified files,” a City of Toronto official said.

Saks Fifth Avenue confirmed that some of its data was stolen following the GoAnywhere incident but claimed that no real customer data was impacted.

“Fortra, a vendor to Saks and many other companies, recently experienced a data security incident that led to mock customer data being taken from a storage location used by Saks. The mock customer data does not include real customer or payment card information and is solely used to simulate customer orders for testing purposes,” Saks told SecurityWeek.

Pluralsight says that it immediately discontinued the use of GoAnywhere after Fortra informed them of the incident, and that it also notified all affected customers of the risks associated with the attack.

In a statement on its website, PPF says that employee data was compromised in the GoAnywhere incident, and that it stopped using the service immediately after learning that.

P&G has confirmed that some employee data was stolen in the incident, but said the incident did not impact customer data, Social Security numbers or financial information.

Virgin confirmed not only the impact from the incident, but also that the Cl0p gang contacted them directly to claim possession of stolen data. “We were recently contacted by a ransomware group, calling themselves Cl0p, who illegally obtained some Virgin Red files via a cyber-attack on our supplier, GoAnywhere. The files in question pose no risk to customers or employees as they contain no personal data,” a Virgin Red spokesperson told SecurityWeek.

French digital transformation and hybrid cloud company Atos on Friday announced that the GoAnywhere incident impacted data associated with a specific Nimbix file transfer application.

“Our cybersecurity team has identified a backup folder from 2016 that was presumably exposed, due to a zero-day vulnerability known to be exploited by Cl0p. We are in contact with the clients concerned,” the company said.

According to Reuters, Rio Tinto informed employees last week that internal data, such as payroll information, was stolen in the GoAnywhere attack, and that the group responsible for the hack was threatening to release the data publicly. Rio Tinto did not respond to a SecurityWeek request for comment.

Check Also

Patch Tuesday

Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

Microsoft’s June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One …

Leave a Reply

Your email address will not be published. Required fields are marked *