CVE-2023-0669
published 2023-02-06
Priority: P1 · 89 · high · CVSS 3.1: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT · Ransomware · Initial access
CISA Known Exploited Vulnerability · due 2023-03-03
Exploited in the wild
EPSS: 100.00% (100.0th percentile)
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortra | goanywhere_managed_file_transfer | < 7.1.2 | 7.1.2 |
| fortra | goanywhere_mft | <= 7.1.1 | — |
Detection & IOCs
- The vulnerability is a pre-authentication command injection via deserialization in the License Response Servlet; monitor for unexpected deserialization activity targeting that servlet endpoint.
- Post-exploitation persistence uses Truebot-styled Scheduled Tasks executing payloads via Rundll32; hunt for Rundll32 child processes spawned from scheduled tasks on GoAnywhere MFT hosts.
- CVE-2023-0669 was exploited as a zero-day since January 18, 2023 and attributed to the Clop ransomware gang; correlate GoAnywhere MFT exploitation indicators with Clop TTPs.
- The administrative console is the attack surface; check Shodan/internet exposure of GoAnywhere MFT admin interfaces and alert on any external access to the admin console.
- CVE-2023-0669 is one of three CVEs repeatedly exploited by ransomware actors in Talos IR engagements; prioritize detection rules for this CVE alongside CVE-2020-1472 and CVE-2018-13379.
- The administrative console is typically only accessible from within a private network, VPN, or allow-listed IPs; exploitation requires network-level access to the admin interface, not the public-facing Web Client.
- The vulnerability was patched in GoAnywhere MFT version 7.1.2; unpatched instances below this version remain at risk.
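CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 7.2 | HIGH | — |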
GHSA
Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
ghsa·2023-02-06
CVE-2023-0669 [HIGH] CWE-502 Withdrawn: Fortra GoAnywhere MFT Deserialization of Untrusted Data vulnerability affects metasploit-framework
## Withdrawn
This advisory has been withdrawn because it was incorrectly associated with the metasploit-framework package, which is not affected by this CVE, and the actual vulnerable component does not fit within our supported ecosystems. This link is maintained to preserve external references.
## Original Description
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
VulnCheck
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
vulncheck·2023·CVSS 7.2
CVE-2023-0669 [HIGH] CWE-502 Fortra GoAnywhere MFT Remote Code Execution Vulnerability
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
Affected: Fortra GoAnywhere MFT
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.hhs.gov/sites/default/files/clop-allegedly-targeting-healthcare-industry-sector-alert.pdf; https://www.rubrik.com/blog/company/23/3/fortra-goanywhere; https://www.bleepingcomputer.com/news/security/hitachi-energy-
VulnCheck
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
vulncheck·2022·CVSS 9.8
CVE-2022-42475 [CRITICAL] CWE-197 Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Affected: Fortinet FortiOS
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.fortiguard.com/psirt/FG-IR-22-398; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw; https://www.prio-n.com/a-year-in-review-2022-100-vulnerabilities-you-sh
CISA
Fortra GoAnywhere MFT Remote Code Execution Vulnerability
cisa·2023-02-10·CVSS 7.2
CVE-2023-0669 [HIGH] CWE-502 Fortra GoAnywhere MFT Remote Code Execution Vulnerability
Vulnerability: Fortra GoAnywhere MFT Remote Code Execution Vulnerability
Affected: Fortra GoAnywhere MFT
Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
Required Action: Apply updates per vendor instructions.
Notes: This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.; https://nvd.nist.gov/vuln/detail/CVE-2023-0669
Remediation Due Date: 2023-03-03
Suricata
ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1
suricata·2023-02-07·CVSS 7.2
CVE-2023-0669 [HIGH] ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/goanywhere/lic/accept?bundle="; fast_pattern; startswith; reference:url,attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis; reference:cve,2023-0669; classtype:attempted-admin; sid:2044143; rev:4; metadata:affected_product Java, attack_target Web_Server, created_at 2023_02_07, cve CVE_2023_0669, deployment Perimeter, deployment Internal, deployment Datacenter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV,
Suricata
ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3
suricata·2023-02-07·CVSS 7.2
CVE-2023-0669 [HIGH] ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/goanywhere/lic/accept"; fast_pattern; http.request_body; content:"bundle="; startswith; reference:url,frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html; reference:cve,2023-0669; classtype:trojan-activity; sid:2044145; rev:1; metadata:affected_product Java, attack_target Web_Server, created_at 2023_02_07, cve CVE_2023_0669, deployment Perimeter, deployment Internal, deployment Datacenter, deployment SSLDecrypt, performance_impact Low, confidence Low, signature_severity Major, tag
Suricata
ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2
suricata·2023-02-07·CVSS 7.2
CVE-2023-0669 [HIGH] ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/goanywhere/lic/accept?bundle="; fast_pattern; startswith; reference:url,attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis; reference:cve,2023-0669; classtype:attempted-admin; sid:2044144; rev:2; metadata:affected_product Java, attack_target Web_Server, created_at 2023_02_07, cve CVE_2023_0669, deployment Perimeter, deployment Internal, deployment Datacenter, deployment SSLDecrypt, former_category EXPLOIT, performance_impact Low, confidence Medium, signature_seve
Exploit-DB
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
exploitdb·2023-04-08·CVSS 7.2
CVE-2023-0669 [HIGH] Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
---
// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
// Google Dork: title:"GoAnywhere"
// Date: 3/26/2023
// Exploit Author: Youssef Muhammad
// Vendor Homepage: https://www.goanywhere.com/
// Software Link: https://www.dropbox.com/s/j31l8lgvapbopy3/ga7_0_3_linux_x64.sh?dl=0
// Version: > 7.1.1 for windows / > 7.0.3 for Linux
// Tested on: Windows, Linux
// CVE : CVE-2023-0669
// This script is needed to encrypt the serialized payload generated by the ysoserial tool in order to achieve Remote Code Execution
import java.util.Base64;
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.c
Metasploit
Fortra GoAnywhere MFT Unsafe Deserialization RCE
metasploit·CVSS 7.2
CVE-2023-0669 [HIGH] Fortra GoAnywhere MFT Unsafe Deserialization RCE
This module exploits CVE-2023-0669, which is an object deserialization vulnerability in Fortra GoAnywhere MFT.
Nuclei
Fortra GoAnywhere MFT - Remote Code Execution
nuclei·CVSS 7.2
CVE-2023-0669 [HIGH] Fortra GoAnywhere MFT - Remote Code Execution
Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
Template:
id: CVE-2023-0669
info:
  name: Fortra GoAnywhere MFT - Remote Code Execution
  author: rootxharsh,iamnoooob,dhiyaneshdk,pdresearch
  severity: high
  description: |
    Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the
Bleepingcomputer
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
blogs_bleepingcomputer·2025-09-19·CVSS 10.0
CVE-2025-10035 [CRITICAL] Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
## Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
## Sergiu Gatlan
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks.
GoAnywhere MFT is a web-based managed file transfer tool that helps organizations securely transfer files and maintain audit logs of who accesses the shared files.
Tracked as CVE-2025-10035, this security flaw is caused by a deserialization of untrusted data weakness and can be exploited remotely in low-complexity attacks that don't require user interaction.
"A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary a
Qualys
Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations
blogs_qualys·2025-05-08
The LockBit ransomware gang recently suffered a significant data breach. Their dark web affiliate panels were defaced with the message “Don’t do crime CRIME IS BAD xoxo from Prague,” linking to a MySQL database dump. This archive contains a SQL file from LockBit’s affiliate panel database that includes twenty tables, notably including a ‘btc_addresses’ table with 59,975 unique bitcoin addresses and a ‘chats’ table containing over 4,400 victim negotiation messages from December 2024 to the end of April 2025.
This blog post will leverage
Talos
Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs
blogs_talos·2024-07-10
Given the recent slate of massive ransomware attacks that have disrupted everything from hospitals to car dealerships, Cisco Talos wanted to take a renewed look at the top ransomware players to see where the current landscape stands.
Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in tactics, techniques and procedures (TTPs), along with several notable differences and outliers.
Talos’ studies indicate that the most prolific ransomware actors prioritize gaining initial access to targeted networks, with valid accounts being the most common mechanism. Phishing for credentials often precedes these attacks, a trend observed across all incident response engagements, consistent with our 2023 Year in Review report. Over the pa
Checkpoint
Sharp Dragon Expands Towards Africa and The Caribbean
blogs_checkpoint·2024-05-23
CVE-2023-0669 Sharp Dragon Expands Towards Africa and The Caribbean
## Sharp Dragon Expands Towards Africa and The Caribbean
## Key Findings
Sharp Dragon’s (Formerly referred to as Sharp Panda) operations continue, expanding their focus now to new regions –
Unit42
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
blogs_unit42·2024-02-05
## Executive Summary
The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups.
What drove this surge of activity? 2023 saw high-profile vulnerabilities like SQL injection for MOVEit and GoAnywhere MFT services. Zero-day exploits for these vulnerabilities drove spikes in ransomware infections by groups like CL0P, LockBit and ALPHV (BlackCat) before defenders could update the vulnerable software.
Leak site data reveals at least 25 new ransomware groups emerged in 2023, indicating the continued attraction of ransomware as a profitable criminal activity. Despite the appearance of new groups such as Darkrace, CryptNet and U-Bomb,
Doel Santos
Published: February 5, 2024
Bleepingcomputer
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
blogs_bleepingcomputer·2024-01-23·CVSS 9.8
[CRITICAL] Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
## Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
## Bill Toulas
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
GoAnywhere MFT is used by organizations worldwide to secure transfer files with customers and business partners. It supports secure encryption protocols, automation, centralized control, and various logging and reporting tools that aid in legal compliance and auditing.
The newly disclosed flaw is tracked as CVE-2024-0204 and is rated critical with a CVSS v3.1 score of 9.8 as it is remotely exploitable, allowing an unauthorized user to create admin users via the product’s administration portal.
Creating arbitrary accoun
Bleepingcomputer
Exploit released for Fortra GoAnywhere MFT auth bypass bug
blogs_bleepingcomputer·2024-01-23·CVSS 9.8
[CRITICAL] Exploit released for Fortra GoAnywhere MFT auth bypass bug
## Exploit released for Fortra GoAnywhere MFT auth bypass bug
## Sergiu Gatlan
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.
GoAnywhere MFT is a web-based managed file transfer tool that helps organizations transfer files securely with partners and keep audit logs of who accessed all shared files.
While Fortra silently patched the bug (CVE-2024-0204) on December 7 with the release of GoAnywhere MFT 7.4.1, the company only publicly disclosed it today in an advisory offering limited information (more details are available in a private customer advisory).
However, Fortra also issued private
Tenable
CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability
blogs_tenable·2024-01-23·CVSS 9.8
[CRITICAL] CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Vulnerability
Qualys
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
blogs_qualys·2023-12-19
As 2023 nears its end, it’s time to pause and reflect. It’s time to assess what worked and what didn’t, what caught our attention and caused disruption, and what went unnoticed. More importantly, we need to know what lessons we learned from 2023 so that we can do a better job of managing risk in the coming year. In line with this, the Qualys Threat Research Unit has prepared a comprehensive blog series to review the threat landscape in 2023.
Key Takeaways:
Less than one percent of vulnerabilities contributed to the highest risk and were routinely exploited in the wild.
97 high-risk vulnerabilities, like
Qualys
Top Cyber Threats of 2023: An In-Depth Review (Part One) | Qualys
blogs_qualys·2023-12-19
Qualys
Top 10 Exploited Vulnerabilities in 2023: Insights from the Qualys Survey | Qualys
blogs_qualys·2023-09-26·CVSS 7.8
[HIGH] Top 10 Exploited Vulnerabilities in 2023: Insights from the Qualys Survey | Qualys
The Qualys Threat Research Unit (TRU) has thoroughly analyzed vulnerabilities reported in 2023. Our comprehensive study assesses factors including weaponization status, existence in the CISA KEV, instances or usage of malware and ransomware, trending vulnerabilities, various scoring metrics, and recency of threats. Insights for the Top 10 vulnerabilities during 2023 are also based on evidence of exploitation, patch adoption rates, and the longevity of vulnerabilities.
## 7 Key Insights
Qualys
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
blogs_qualys·2023-09-26·CVSS 7.8
[HIGH] Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
Talos
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
blogs_talos·2023-07-26
Cisco Talos Incident Response (Talos IR) responded to a growing number of data theft extortion incidents that did not involve encrypting files or deploying ransomware, a 25 percent increase since last quarter and the most-observed threat in the second quarter of 2023.
In this type of attack, threat actors steal victim data and threaten to leak or sell it unless the victim pays varying sums of money, eliminating the need to deploy ransomware or encrypt data. This differs from the double-extortion ransomware method, whereby adversaries exfiltrate and encrypt files and demand payment for victims to receive a decryption key.
Ransomware was the second most-observed threat this qu
Fortinet
Ransomware Roundup - Cl0p | FortiGuard Labs
blogs_fortinet·2023-07-21·CVSS 9.8
[CRITICAL] Ransomware Roundup - Cl0p | FortiGuard Labs
By Shunichi Imano and James Slaughter | July 21, 2023
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.
This edition of the Ransomware Roundup covers the Cl0p ransomware.
Affected platforms: Microsoft Windows, Linux
Impacted parties: Microsoft Windows, Linux Users
Impact: Encrypts and exfiltrates victims’ files and demands ransom for file decryption and not to leak stolen files
Severity level: High
Recently, the Cl0p ransomware group received
Fortinet
Meet LockBit: The Most Prevalent Ransomware in 2022 | FortiGuard Labs
blogs_fortinet·2023-07-10
By Shunichi Imano and James Slaughter | July 10, 2023
Affected platforms: Microsoft Windows, Linux, ESXi, MacOS
Impacted parties: Microsoft Windows, Linux, ESXi, and MacOS Users
Impact: Encrypts and exfiltrates victims’ files and demands ransom for file decryption and not to leak stolen files
Severity level: High
On June 14th, 2023, the CISA, FBI, MS-ISAC, and multiple international cyber security organizations released a joint advisory for the LockBit ransomware. This ransomware group has been active since early 2020, targeting organizations across numerous industries, including energy and government sectors. According to the advisory, LockBit was the most active ransomware in 2022.
This blog provides
Tenable
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
blogs_tenable·2023-06-16
Tenable
CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild
blogs_tenable·2023-06-02·CVSS 9.8
[CRITICAL] CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild
Checkpoint
24th April – Threat Intelligence Report
blogs_checkpoint·2023-04-24
CVE-2023-20036 24th April – Threat Intelligence Report
## 24th April – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 24th April, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The American Bar Association (ABA), the largest global association of lawyers and legal professionals, has suffered a data breach with hackers gaining access to older credentials of 1,466,000 members. The breach was first detected on March 17th, 2023, and involved login credentials and salted passwords to ABA’s old website
Cap
Dragos
Dragos Industrial Ransomware Attack Analysis: Q1 2023
blogs_dragos·2023-04-20
Dragos Industrial Ransomware Attack Analysis: Q1 2023
Checkpoint
27th March – Threat Intelligence Report
blogs_checkpoint·2023-03-27·CVSS 7.2
CVE-2023-0669 [HIGH] 27th March – Threat Intelligence Report
## 27th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 27th March, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
New victims of the Clop ransomware gang, which leveraged a zero-day security flaw (CVE-2023-0669) in the Fortra GoAnywhere Managed File Transfer system for its attacks, were disclosed. Among them are the American luxury brand retailer Saks Fifth Avenue and the City of Toronto.
Check Point IPS, Threat Emulation and Harmony Endp
Checkpoint
20th March – Threat Intelligence Report
blogs_checkpoint·2023-03-20·CVSS 7.1
CVE-2023-0669 [HIGH] 20th March – Threat Intelligence Report
## 20th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th March, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
Hitachi Energy reported a data breach caused by the Clop ransomware group which exploited a zero-day vulnerability (CVE-2023-0669) in the Fortra GoAnywhere MFT system, which was used by Hitachi.
Check Point IPS, Threat Emulation and Harmony Endpoint provide protection against this threat (GoAnywhere MFT Insecure Deserializatio
Checkpoint
6th March – Threat Intelligence Report
blogs_checkpoint·2023-03-06
CVE-2023-0669 6th March – Threat Intelligence Report
## 6th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 6th March, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The American fast food chain Chick-fil-A has released an announcement revealing a credential stuffing attack occurred on their website and mobile app. The attack exposed over 71K customers’ accounts data, including names, email addresses, mobile payment numbers and masked credit or debit card numbers, and threat actors may have u
Talos
Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature
blogs_talos·2023-02-23
Threat Source newsletter (Feb. 23, 2023) — Social media sites are making extra security a paid feature
Welcome to this week’s edition of the Threat Source newsletter.
Social media’s latest business plan seems to be charging for security.
Twitter recently announced a plan to make SMS-based two-factor authentication a paid service as part of Twitter Blue — asking users to pay either $8 or $11 monthly for the feature set. Meta, Facebook’s parent company, also announced a new pay-for-verification service on Facebook and Instagram that will allow users to pay up to $14 a month for “a verified badge that authenticates your account with government ID, proactive account protection, access to account support, and increased visibility and reach.”
The Twitter plan falls into a gray area for me. I’ve talked to experts who pointed out that app-based multi-factor authentication — which is still free o
Sentinelone
Staying Secure In the Cloud | An Angelneers Interview with Ely Kahn
blogs_sentinelone·2023-02-21
Staying Secure In the Cloud | An Angelneers Interview with Ely Kahn
Cloud computing has allowed modern organizations to scale at incredible rates, transforming how organizations collaborate and operate. While cloud adoption grows across all industries, its inherent risks have expanded alongside it. This steers security leaders towards implementing the right cybersecurity strategies to protect their cloud environments.
In the latest Angelneers podcast episode, host Oleg Sullivan Koujikov spoke with SentinelOne’s VP, Product Management for Cloud Security, Ely Kahn, about the realities of using cloud computing, the three main cloud-based attack vectors, and the rise of cloud native application protection platforms (CNAPPs) in combating threat actors who continue to take aim at this fast-growing attack surface. In this post, we share Ely’s main takeaways fo
Sentinelone
CVE-2023-0669: Fortra GoAnywhere MFT RCE Vulnerability
blogs_sentinelone·2023-02-21·CVSS 7.2
CVE-2023-0669 [HIGH] CVE-2023-0669: Fortra GoAnywhere MFT RCE Vulnerability
In February 2023, Fortra notified users about a zero-day remote code vulnerability in the GoAnywhere MFT. The vendor provided an immediate response with mitigations and indicators of compromise. However, a week later, they released a patch.
It is claimed that over 1,000 instances of GoAnywhere are accessible through the internet. However, in order to exploit them, one needs to have access to the admin console of the application.
## About the CVE-2023-0669 vulnerability
CVE-2023-0669 is related to a pre-authentication command injection in GoAnywhere MFT, affecting version 7.1.1 and its earlier versions. If the vulnerability is successfully exploited, attackers can remotely execute code on vulnerable instances of GoAnywhere MFT.
The vulnerability has been marked as High. The CVSS score
Qualys
Forta GoAnywhere Zero-Day Exploited By Threat Actors
blogs_qualys·2023-02-15·CVSS 7.2
CVE-2023-0669 [HIGH] Forta GoAnywhere Zero-Day Exploited By Threat Actors
## Table of Contents
- About Forta GoAnywhere
- Vulnerability Details
- Qualys QID Coverage
- WorkAround
- Detection of Exploitation Attempts via Qualys Multi-Vector EDR:
- Post-Exploitation IOCs Associated with CVE-2023-0669

On February 1st, 2023, Forta released an advisory behind an auth wall notifying their customers of a remote code execution zero-day exploit affecting their GoAnywhere Managed File Transfer (MFT) application.
This was picked up by Brian Krebs, an investigative journalist who published this on his Mastodon account, on February 2nd, 2023.
On February 7th, 2023, Forta released GoAnywhere MFT version 7.1.2 to fix this vulnerability. The CVE assigned to this zero-day vulnerability is CVE-2023-0669.
## About Forta GoAnywhere
GoAnywhere MFT is a secure managed file trans
Checkpoint
13th February – Threat Intelligence Report
blogs_checkpoint·2023-02-13·CVSS 9.8
CVE-2019-5544 [CRITICAL] 13th February – Threat Intelligence Report
## 13th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 13th February, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
The California cities of Oakland and Modesto have been targeted by ransomware attacks, disrupting services in the former and the police network in the latter. Also in California, healthcare company ‘Heritage Provider Network’ has confirmed that medical and personal information of more than 3 million patients had been disc
Recorded Future
Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities
blogs_recorded_future·CVSS 8.0
[HIGH] Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities
## Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities
Editor's note: The following blog post originally appeared on Levi Gundert's Substack page.
At Recorded Future, we’re determined to iteratively answer the “So What? Now What?” (SW/NW) questions, which some intelligence professionals colloquially characterize as “actionability.” Insikt Group often engages in a “non-obvious second-order implications” (NOSOI) exercise to derive quality SWNW answers from geopolitical and cyber intelligence for business executives. NOSOI results vary (GPT-4 is good at “second-order” but less adept at “non-obvious”), and of course, “non-obvious” is a subjective label. Still, it’s a reasonable articulation of our goal, and we know it when we see it.
Toward an ex
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
Greynoiseio
NoiseLetter
blogs_greynoiseio
NoiseLetter
- http://packetstormsecurity.com/files/171789/Goanywhere-Encryption-Helper-7.1.1-Remote-Code-Execution.html
- https://attackerkb.com/topics/mg883Nbeva/cve-2023-0669/rapid7-analysis
- https://duo.com/decipher/fortra-patches-actively-exploited-zero-day-in-goanywhere-mft
- https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
- https://github.com/rapid7/metasploit-framework/pull/17607
- https://infosec.exchange/@briankrebs/109795710941843934
- https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml#zerodayfeb1
- https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-0669
Published: 2023-02-06
Added to CISA KEV: 2023-02-10
Exploited in the wild