Login Subscribe

Vulnerabilities & Exploits

Storm‑1175 weaponizes GoAnywhere MFT zero‑day to slip past perimeter defenses

Storm‑1175 weaponizes GoAnywhere MFT zero‑day to slip past perimeter defenses

In September 2025 the threat group Storm‑1175 weaponized a critical zero‑day in GoAnywhere Managed File Transfer (CVE‑2025‑10035). The vulnerability is a deserialization flaw that allows unauthenticated attackers to achieve remote code execution on the file‑transfer server. By crafting malicious payloads that pass through standard firewalls

OpenAI Codex Security Scans 1.2M Commits, Flags 10,561 Critical Bugs

OpenAI Codex Security Scans 1.2M Commits, Flags 10,561 Critical Bugs

OpenAI has released Codex Security, an AI‑driven agent that automatically reviewed more than 1.2 million recent code commits across a variety of repositories. In its first pass the system identified 10,561 high‑severity flaws, ranging from insecure deserialization to hard‑coded secrets, and generated remediation suggestions that

Iranian Threat Actors Hijack IP Cameras in Middle East to Fuel Ops

Iranian Threat Actors Hijack IP Cameras in Middle East to Fuel Ops

Check Point’s research team has documented a sharp increase in attacks linked to Iranian actors targeting unsecured IP cameras across the Middle East. The campaigns exploit default credentials and outdated firmware, allowing attackers to gain remote access, capture video feeds, and exfiltrate network information. By compromising these low‑cost,

AI-Powered Claude Detects 22 New Firefox Flaws, Prompting Rapid Mozilla Patch

AI-Powered Claude Detects 22 New Firefox Flaws, Prompting Rapid Mozilla Patch

Anthropic employed its Claude Opus 4.6 large language model to audit Firefox’s codebase, automatically generating test cases that uncovered 22 previously unknown vulnerabilities, including memory‑corruption and sandbox‑escape bugs. Mozilla validated the findings and released an emergency update to remediate all issues within days of disclosure. Defenders

Zero‑Day in GoAnywhere MFT Bypasses Firewalls, Lets Attackers Run Code

Zero‑Day in GoAnywhere MFT Bypasses Firewalls, Lets Attackers Run Code

Researchers uncovered a critical zero‑day vulnerability in the GoAnywhere Managed File Transfer (MFT) appliance that allows unauthenticated attackers to execute arbitrary code on the server. The flaw bypasses traditional perimeter defenses—such as firewalls and intrusion‑prevention systems—by exploiting the MFT service itself, which is often permitted through

OpenAI Codex Security Scans 1.2M Commits, Uncovers 10K Critical Bugs

OpenAI Codex Security Scans 1.2M Commits, Uncovers 10K Critical Bugs

OpenAI has rolled out Codex Security, an AI‑driven assistant that automatically scans code repositories for complex vulnerabilities, validates the findings, and suggests remediation steps. As part of a free one‑month preview for eligible ChatGPT customers, the tool examined roughly 1.2 million commits across diverse projects and identified

Iranian Actors Hijack IP Cameras for Surveillance and Disinformation in Middle East Conflict

Iranian Actors Hijack IP Cameras for Surveillance and Disinformation in Middle East Conflict

Checkpoint researchers have identified a rapid increase in activity by Iranian-sponsored threat groups targeting internet‑connected security cameras across the Middle East. The actors are exploiting default credentials, outdated firmware, and unsecured cloud services to gain persistent access to the devices. Once compromised, the cameras are used to capture live

Zero-Day in GoAnywhere MFT Bypasses Firewalls, Gives Remote Code Execution

Zero-Day in GoAnywhere MFT Bypasses Firewalls, Gives Remote Code Execution

Researchers uncovered a critical zero‑day vulnerability in the GoAnywhere Managed File Transfer (MFT) license servlet. The flaw allowed unauthenticated attackers to inject and execute arbitrary code on the server, earning a perfect CVSS 10.0 rating. Exploits were observed in the wild, with threat actors leveraging the bug to