Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A critical security vulnerability (CVE-2025-10035) has been identified in GoAnywhere MFT, a widely used file transfer solution developed by Fortra. This software is commonly deployed to securely transfer sensitive data such as financial records, HR files, legal documents, and personally identifiable information (PII). Currently, CVE-2025-10035 is rated at a 10.0 (critical) on the CVSS scale and a 9.23 out of 10 on Bitsight’s Dynamic Vulnerability Exploit (DVE) scale.

Artificial intelligence has stormed the enterprise world, and it's not slowing down anytime soon. With thousands of AI-powered applications, from large language models (LLMs) to productivity-boosting copilots, employees are tapping into AI to work smarter and faster. But here’s the rub: while AI can supercharge productivity, it also brings along a Pandora’s box of risks.

Security teams have struggled for far too long with a patchwork of siloed security tools, static compliance checks, and an increasingly adversarial threat landscape to continue down that path, especially when each of these challenges is making their organizations more vulnerable by the minute. Previously in this CRPM series, we’ve established that traditional security approaches are no longer adequate to keep pace against AI-driven attacks and the multi-pronged missions of cybercriminals today.

Remember when ICS malware was “rare”? Last year we got two new families built for one thing: disruption. FrostyGoop and Fuxnet are not Mirai with a wrench taped on or your typical DDoS botnet. They were built to target and disable devices that use Meter-bus and Modbus protocols, inflicting maximum damage. If you still believe that “our PLCs aren’t on the Internet,” then this is your nudge to actually go and check.

CVE-2025-20333 is a critical, actively exploited zero-day vulnerability impacting Cisco firewall devices, specifically those running unpatched versions of Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. It is one of two zero-days currently being weaponized by cyber threat actors, posing a significant and immediate threat to enterprise network perimeters. The vulnerability has a CVSS score of base 9.9. At this time, NVD has not released a formal entry for CVE-2025-20333.

The modern automation stack makes it almost trivial to connect enterprise tools: By combining these, you can create an “AI agent” that reads a message in Slack, uses an LLM to classify or summarize it, and then creates a new ticket in YouTrack—all in minutes.

Risk is an ever-present factor in business, influencing almost every decision that organizations make. From investments and operations to market expansion and product development, every decision carries with it inherent risks that could either be mitigated or amplified based on how well they are understood and managed. Quantitative risk analysis offers a structured, data-driven approach to assess these risks, paving the way toward more informed and resilient business decisions.