Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In July 2025, pro-Palestinian hacktivist group zerodayx1 launched its own Ransomware-as-a-Service (RaaS) operation, following the path of other hacktivist teams. They loudly announced the initiative on platforms commonly used for such purposes, including X (formerly Twitter) and Telegram. Zerodayx1 exemplifies the ongoing evolution of these groups, underscoring the importance of studying and understanding their methods in order to better prepare for and respond to such threats.

A new critical vulnerability, CVE-2025-10035, has been disclosed in Fortra’s GoAnywhere MFT, a widely used managed file transfer solution. The flaw lies in the License Servlet and allows unauthenticated attackers to achieve remote code execution (RCE) through crafted license responses. The vendor has rated this vulnerability as Critical (CVSS 10.0) due to its potential for complete system compromise over the network.

As the AI revolution accelerates, developers are being inundated with a dazzling array of new software packages and game-changing tools such as GitHub CoPilot, Sourcegraph, Qodo, Cursor, Goose, and others that promise incredible advances in productivity and impact. The excitement over this is high and just keeps on growing.

On September 18, 2025, Fortra released a patch addressing a critical vulnerability in GoAnywhere Managed File Transfer (MFT), tracked as CVE-2025-10035. The vulnerability stems from a deserialization flaw in the License Servlet of GoAnywhere MFT, allowing a remote threat actor with a valid forged license response signature to deserialize an arbitrary, threat-actor-controlled object and potentially achieve command injection.

Exposure management doesn’t end when you discover and prioritize vulnerabilities. The real measure of success is whether you’ve effectively remediated those exposures. Too often, security teams identify risks but struggle to see them resolved because remediation processes aren’t aligned across people, tools, and workflows. Exposure remediation best practices address this gap, ensuring that insights lead to action and that action drives measurable risk reduction.

Company overview: Labelbox is the leading data factory for delivering high-quality, frontier data to top AI labs and enterprise AI teams.

As AI transforms software development, AppSec teams face new complexities. For instance, the lack of visibility into where AI is being used and the reality that AI-generated code is often highly vulnerable make it nearly impossible to prioritize remediation and effectively scale security programs. To succeed, AppSec teams have to evolve from task managers to strategic governance enforcers.

CrowdStrike is introducing Risk-based Patching in CrowdStrike Falcon for IT to close the gap between security and IT teams. With AI-powered Risk-based Patching and CrowdStrike Falcon Exposure Management, organizations can identify, prioritize, and fix the vulnerabilities most critical to them through a single console and workflow while accelerating security and IT consolidation.