Hackers Exploit Critical GoAnywhere File Transfer Flaw To Deploy Medusa Ransomware


  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Hackers are exploiting a severe GoAnywhere Managed File Transfer flaw to execute remote code, steal data, and deploy Medusa ransomware.

In a rush? Here are the quick facts:

  • Hackers can remotely execute code using forged license response signatures.
  • Cybercrime group Storm-1175 exploited the flaw to deploy Medusa ransomware.
  • Exploitation doesn’t require authentication on Internet-exposed systems.

Microsoft has warned that attackers are actively exploiting CVE-2025-10035, a severe vulnerability in GoAnywhere Managed File Transfer (MFT) that researchers say holds a maximum severity rating of 10.0.

The flaw allows hackers to take control of servers and execute code remotely by sending forged license responses to the platform’s License Servlet.

According to Microsoft Threat Intelligence, a cybercriminal group called Storm-1175, known for using Medusa ransomware, has been exploiting the flaw in real-world attacks since September 11, 2025.

“The vulnerability could allow a threat actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection and potential remote code execution (RCE),” according to Microsoft.

The bug affects GoAnywhere MFT Admin Console versions up to 7.8.3, and exploitation doesn’t require authentication, making Internet-exposed systems particularly vulnerable.

Attackers use the SimpleHelp and MeshAgent remote monitoring tools to gain system access, and create .jsp files in MFT directories to stay inside the system.

The attackers then perform network discovery with netscan and move laterally using mstsc.exe before executing Medusa ransomware attacks.

Microsoft says attackers also used Cloudflare tunnels to hide their command-and-control (C2) communications and Rclone for data theft. “Ultimately, in one compromised environment, the successful deployment of Medusa ransomware was observed,” the report stated.
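A triage sketch for the tool chain described above, as an added example that is not part of the original article or of Microsoft's report. It groups endpoint events by host and maps them to the stages named in the text; the event format, the install-path placeholder and the file-name matching are assumptions of this example.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: placeholder path; set it to your GoAnywhere MFT install directory.
MFT_ROOT = r"C:\<GoAnywhere-MFT-install-dir>"

# Tool names come from the article. Matching on file-name substrings is an
# assumption of this example and will miss renamed binaries; "cloudflared"
# is the Cloudflare tunnel client.
STAGE_BY_TOOL = {
    "simplehelp": "rmm", "meshagent": "rmm",
    "netscan": "discovery", "mstsc": "lateral_movement",
    "cloudflared": "c2_tunnel", "rclone": "exfiltration",
}
# mstsc.exe is routine admin tooling, so it never flags a host by itself.
WEAK_ALONE = {"lateral_movement"}

def classify(event, mft_root=MFT_ROOT):
    """Map one event to a stage name, or None if it is not of interest."""
    path = PureWindowsPath(event["path"])
    if event["kind"] == "file_create":
        in_mft = PureWindowsPath(mft_root) in path.parents
        return "jsp_dropped" if in_mft and path.suffix.lower() == ".jsp" else None
    name = path.name.lower()
    return next((s for tool, s in STAGE_BY_TOOL.items() if tool in name), None)

def triage(events, mft_root=MFT_ROOT):
    """Return {host: sorted stage names} for hosts that warrant review."""
    seen = defaultdict(set)
    for ev in events:
        stage = classify(ev, mft_root)
        if stage:
            seen[ev["host"]].add(stage)
    return {h: sorted(s) for h, s in seen.items() if s - WEAK_ALONE}

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "mft01", "kind": "file_create", "path": MFT_ROOT + r"\sample-dir\status.jsp"},
    {"host": "mft01", "kind": "process", "path": r"C:\Users\Public\MeshAgent.exe"},
    {"host": "mft01", "kind": "process", "path": r"C:\Users\Public\netscan.exe"},
    {"host": "mft01", "kind": "process", "path": r"C:\Users\Public\rclone.exe"},
    {"host": "ws07", "kind": "process", "path": r"C:\Windows\System32\mstsc.exe"},
    {"host": "app02", "kind": "file_create", "path": r"D:\tomcat\webapps\shop\index.jsp"},
]

if __name__ == "__main__":
    for host, stages in triage(SAMPLE).items():
        print(host, "->", ", ".join(stages))
```

A host that only ran mstsc.exe, or that wrote a .jsp file outside the MFT directory, is not flagged, which keeps ordinary Remote Desktop use and unrelated Java web applications out of the review queue.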

The company urges users to update their systems right away, following Fortra’s recommended steps, and notes that security updates do not eliminate active malware. “Review of the impacted system may be required,” Microsoft said.

According to security experts, businesses should block server Internet access and enable multi-factor authentication, and can use Microsoft Defender External Attack Surface Management to identify exposed systems.

Microsoft Defender protects customers through detection and blocking features that stop attackers from exploiting the vulnerability.

Nintendo Seeks $4.5 Million From Reddit Moderator Over Piracy Damages


  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Nintendo has filed a new lawsuit against a Reddit moderator known as Archbox, accusing him of moderating and promoting piracy-related communities on the platform. The company is seeking $4.5 million in damages.

In a rush? Here are the quick facts:

  • Nintendo is requesting $4.5 million in damages from Reddit moderator Archbox.
  • The company filed a new lawsuit last week and a U.S. federal judge should issue a final order soon.
  • Nintendo claims Archbox copied and distributed Nintendo games without authorization, and led a Reddit community called “SwitchPirates.”

According to Nintendo Everything, Nintendo had previously demanded that the moderator stop distributing copyrighted Nintendo Switch games. The company filed the lawsuit after the Reddit user, identified as James C. Williams, allegedly continued promoting so-called “Pirate Shops.”

“Williams not only copied and distributed Nintendo game files without authorization,” states the lawsuit. “He actively promoted their distribution and copying to thousands of others across a variety of websites and online ‘communities,’ and knowingly trafficked in unlawful software products aimed at circumventing Nintendo’s technological measures protecting against unauthorized access to and use of Nintendo Switch games and the Nintendo Switch console itself.”

In the complaint, Nintendo of America (NOA) claims that Williams, under the Reddit username Archbox, was aware of his illegal actions. The filing alleges he led a Reddit community called “SwitchPirates,” which reached over 190,000 members, where he offered access to and promotions for pirate shops. Nintendo also asserts that Williams provided technical support and detailed instructions for downloading and using pirated game copies.

“For the foregoing reasons, NOA respectfully requests that the Court enter a default judgment in favor of NOA and against Williams for a monetary award of $4,500,000 and an injunction in the form of the Proposed Injunction,” states the conclusion.

A U.S. federal judge is expected to issue a final order in the coming days, as no final ruling has been announced yet.

Nintendo keeps actively fighting against piracy. A few weeks ago, the video game giant won a $2 million lawsuit against the owner of the Modded Hardware website for selling devices that bypass Nintendo’s piracy protection. The Japan-based company has also warned users that hacking or modifying consoles can result in those devices being permanently disabled.