Worries mount over max-severity Fortra GoAnywhere defect | CyberScoop<\/title> <meta name=\"description\" content=\"Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/goanywhere-vulnerability-active-exploitation-september-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Worries mount over max-severity GoAnywhere defect\"> <meta property=\"og:description\" content=\"Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/goanywhere-vulnerability-active-exploitation-september-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-09-26T14:30:45+00:00\"> <meta property=\"article:modified_time\" content=\"2025-09-26T14:30:48+00:00\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1758741382g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86156\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86156\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgoanywhere-vulnerability-active-exploitation-september-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fgoanywhere-vulnerability-active-exploitation-september-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86156 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/goanywhere-vulnerability-active-exploitation-september-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.604406130268\">\n<div class=\"single-article__header-content\" readability=\"36.424390243902\">\n<p> Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86156\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"448\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect.jpg?resize=640%2C448&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Person on ladder looking into large folder with messy paperwork spilling out. (Stock illustration\/Getty Images)\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg 4897w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=300,210 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=768,538 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=1024,717 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=1536,1075 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=2048,1434 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=600,420 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=240,168 240w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=481,337 481w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=964,675 964w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-2.jpg?resize=1204,843 1204w\" sizes=\"(max-width: 964px) 100vw, 964px\"><figcaption> Person on ladder looking into large folder with messy paperwork spilling out. (Stock illustration\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"80.003478603308\"><body readability=\"163.14488032857\"><\/p>\n<p>Threat intelligence professionals have a sense of foreboding about a maximum-severity vulnerability <a href=\"https:\/\/cyberscoop.com\/goanywhere-file-transfer-service-vulnerability-september-2025\/\">Forta disclosed last week<\/a> in its file-transfer service GoAnywhere MFT, as they steel themselves for active exploitation and signs of compromise.<\/p>\n<p>Forta has not declared the defect actively exploited and did not answer questions to that effect from CyberScoop. Yet, researchers at watchTowr said they\u2019ve obtained credible <a href=\"https:\/\/labs.watchtowr.com\/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2\/\">evidence of active exploitation<\/a> of the vulnerability dating back to Sept. 10. <\/p>\n<p>The disagreement between vendor and research firm highlights a stubborn conundrum in the world of vulnerability disclosure and management. When defects turn out to be more severe and actively exploited than vendors initially report, it creates unnecessary challenges for defenders and impacted users.<\/p>\n<p>Forta did not answer questions about or respond to watchTowr\u2019s latest findings. Forta maintains it discovered the vulnerability or its potential impact during a \u201csecurity check\u201d on Sept. 11, but it hasn\u2019t included those details in the advisory. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The cybersecurity vendor previously <a href=\"https:\/\/www.fortra.com\/security\/advisories\/product-security\/fi-2025-012\">updated its security advisory<\/a> for the deserialization vulnerability \u2014 <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-10035\">CVE-2025-10035<\/a> \u2014 with details that baffled some researchers due to its lack of clarity. Forta added indicators of compromise and stack traces that, if present in customers\u2019 log files, indicate their \u201cinstance was likely affected by this vulnerability,\u201d the company said.<\/p>\n<p>Ben Harris, founder and CEO at watchTowr, discredited some of Forta\u2019s public statements about the vulnerability as he and his team of researchers confirmed suspicions they had about attacks linked to the vulnerability when it was first disclosed.<\/p>\n<p>\u201cWhat a mess,\u201d he told CyberScoop. \u201cAll they had to do was just be honest and transparent \u2014 and instead, have turned this into scandal.\u201d<\/p>\n<p>Threat hunters\u2019 concerns about the vulnerability were amplified when Forta updated its advisory to share specific strings for customers to monitor in their log files. <\/p>\n<p>The IOCs added to Forta\u2019s advisory \u201cmakes us logically uneasy because it strongly suggests that attackers may already be active,\u201d Harris said prior to confirming active exploitation. The details added to the vendor\u2019s \u201cAm I Impacted?\u201d section in the advisory \u201cimplies this isn\u2019t just a hypothetical risk,\u201d Harris added. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Researchers from Rapid7 and VulnCheck drew similar conclusions, noting its rare for vendors to publish IOCs for new critical vulnerabilities absent confirmed exploitation. <\/p>\n<p>\u201cWhile the IOCs do not confirm exploitation in the wild, they strongly suggest the vendor believes that this vulnerability will be exploited if it has not already been,\u201d said Stephen Fewer, senior principal researcher at Rapid7.<\/p>\n<p><strong>Private key, the missing link<\/strong><\/p>\n<p>Vulnerability researchers uncovered additional details about the steps attackers would have to take to achieve exploitation, including unexplained access to a specific private key.<\/p>\n<p>\u201cTo successfully achieve remote-code execution, an attacker must send a signed Java object to the target GoAnywhere MFT server. The target server will use a public key to verify the signed object and, if the signature is valid, then an unsafe deserialization vulnerability can be hit, achieving arbitrary code execution,\u201d Fewer said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe missing detail is how the attacker can achieve this when the required private key is not present in the code base of GoAnywhere MFT,\u201d he added.<\/p>\n<p>This key, its whereabouts and how an attacker might gain access to it has researchers on edge, leading some to speculate the private key may have been leaked or otherwise stolen from a cloud-based GoAnywhere license server, which is designed to legitimize signed objects.<\/p>\n<p>Researchers don\u2019t have the private key and have been unable to produce a working exploit without it.<\/p>\n<p>\u201cAdversaries overall are opportunistic,\u201d said Caitlin Condon, vice president of security research at VulnCheck. \u201cIt\u2019s a pretty big deal for them to somehow get access to private keys.\u201d<\/p>\n<p>Cybercriminals have accessed private keys before, as evidenced earlier this month when an attacker exploited a <a href=\"https:\/\/cyberscoop.com\/sitecore-zero-day-vulnerability\/\">zero-day vulnerability in Sitecore<\/a> by using sample keys customers copied and pasted from the vendor\u2019s documentation. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>A key was at the root cause of a major China-affiliated espionage attack on Microsoft Exchange Online in 2023, which exposed emails belonging to high-ranking U.S. government officials and others. Microsoft never definitively determined how the threat group it tracks as Storm-0558 acquired the key, and a federal review board later lambasted the company for \u201c<a href=\"https:\/\/cyberscoop.com\/microsoft-csrb-china-hacking\/\">a cascade of security failures<\/a>\u201d in a scathing report about the attack and its widespread impact.<\/p>\n<p><strong>Vendor responsibility tested<\/strong><\/p>\n<p>Vendors are responsible for providing their customers with timely and actionable information that can protect them against attacks, including explicit acknowledgement of active exploitation, experts said. <\/p>\n<p>\u201cThis provides clarity and peace of mind for defenders looking to prioritize vulnerabilities more effectively in a challenging threat climate, rather than forcing them to speculate or rely on third-party research to answer questions that the supplier is best positioned to address,\u201d said Caitlin Condon, vice president of security research at VulnCheck. <\/p>\n<p>\u201cThe easiest way to know whether this vulnerability, or any vulnerability, has been exploited would be for the vendor to explicitly disclose whether they\u2019re aware of confirmed malicious activity in customer environments,\u201d she said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The maximum-severity score designated to CVE-2025-10035 is a revealing signal, Condon added. \u201cIt\u2019s unusual for a vendor to assign a perfect 10 CVSS score unless they\u2019ve validated vulnerability details and confirmed how an adversary would conduct a successful attack,\u201d she said. <\/p>\n<p>Forta has been through this before. Its customers were previously targeted with a widely exploited zero-day vulnerability in the same file-transfer service two years ago. Fortra\u2019s description of CVE-2025-10035 bears striking similarities to CVE-2023-0669, a defect exploited by Clop, resulting in attacks on more than 100 organizations, and at least five other ransomware groups.<\/p>\n<p>Harris criticized Fortra for its reluctance to share crucial information.<\/p>\n<p>\u201cAs an organization that signed CISA\u2019s Secure By Design pledge that includes wording around transparency for in-the-wild exploitation, the situation seems rather disappointing,\u201d he said. <\/p>\n<p>Enterprises, security professionals and defenders rely on accurate data to determine exposure and react accordingly, Harris added. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWhen transparency is missing, these same teams are left in the dark and left with inadequate information to make risk decisions,\u201d he said. \u201cGiven the context of the solution being used, and the organizations that use this solution, we cannot understate the impact of additional dwell time for an attacker in some of these environments.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.2374100719424\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/worries-mount-over-max-severity-goanywhere-defect-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/goanywhere-vulnerability-active-exploitation-september-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Worries mount over max-severity Fortra GoAnywhere defect | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1209,282,78,452,5045,5046,5047,3353,256,288,4136,3440],"tags":[668,286,86,454,5048,5049,5050,3357,262,294,4140,3441],"class_list":["post-8024","post","type-post","status-publish","format-standard","hentry","category-cisa","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-file-transfer-service","category-fortra","category-goanywhere","category-rapid7","category-research","category-threats","category-vulncheck","category-watchtowr-labs","tag-cisa","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-file-transfer-service","tag-fortra","tag-goanywhere","tag-rapid7","tag-research","tag-threats","tag-vulncheck","tag-watchtowr-labs"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/file-transfer-service\/\" rel=\"category tag\">file transfer service<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortra\/\" rel=\"category tag\">Fortra<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/goanywhere\/\" rel=\"category tag\">GoAnywhere<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rapid7\/\" rel=\"category tag\">Rapid7<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchtowr-labs\/\" rel=\"category tag\">watchTowr Labs<\/a>","tag_info":"watchTowr Labs","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8024"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8024\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8024,"date":"2025-09-26T09:30:45","date_gmt":"2025-09-26T14:30:45","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86156"},"modified":"2025-09-26T09:30:45","modified_gmt":"2025-09-26T14:30:45","slug":"worries-mount-over-max-severity-goanywhere-defect","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/09\/26\/worries-mount-over-max-severity-goanywhere-defect\/","title":{"rendered":"Worries mount over max-severity GoAnywhere defect"},"content":{"rendered":"