Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain
![]()
source https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html
source https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html