Tag: critical vulnerability
-
Microsoft Security Blog: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability
Source URL: https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/ Source: Microsoft Security Blog Title: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Feedly Summary: Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. We are publishing this…
-
The Register: Third time’s the charm? SolarWinds (again) patches critical Web Help Desk RCE
Source URL: https://www.theregister.com/2025/09/23/solarwinds_patches_rce/ Source: The Register Title: Third time’s the charm? SolarWinds (again) patches critical Web Help Desk RCE Feedly Summary: Or maybe 3 strikes, you’re out? SolarWinds on Tuesday released a hotfix – again – for a critical, 9.8-severity flaw in its Web Help Desk IT ticketing software that could allow a remote, unauthenticated…
-
Docker: MCP Horror Stories: The Drive-By Localhost Breach
Source URL: https://www.docker.com/blog/mpc-horror-stories-cve-2025-49596-local-host-breach/ Source: Docker Title: MCP Horror Stories: The Drive-By Localhost Breach Feedly Summary: This is Part 4 of our MCP Horror Stories series, where we examine real-world security incidents that expose the devastating vulnerabilities in AI infrastructure and demonstrate how Docker MCP Gateway provides enterprise-grade protection against sophisticated attack vectors. The Model Context…