CyberWire Daily When GoAnywhere goes wrong.
9 snips
Oct 14, 2025 Mickey Bresman, CEO of Semperis and a leading expert in hybrid identity security, shares his insights on crucial cybersecurity issues. He discusses the growing importance of identity security, highlighting trends from the recent HIP Conference. Bresman explains the challenges of managing new identities created by agentic AI and critiques where enterprises often fall short in Active Directory security. He also offers practical advice on reducing ransom payments through effective preparedness and testing recovery plans.
AI Snips
Chapters
Transcript
Episode notes
GoAnywhere Flaw Enables Ransomware Exploits
- A deserialization flaw in GoAnywhere allowed forged license responses to enable command injection.
- CISA and Microsoft link the vulnerability to active ransomware campaigns exploiting cryptographic bypasses.
Harvard's Response To Oracle Zero-Day
- Harvard applied Oracle's emergency patch and reported limited impact to a small administrative unit.
- The university is investigating after the Klopp ransomware gang listed it on a leak site.
WhatsApp Worm Spreads Via Infected Web Sessions
- A WhatsApp-delivered malware campaign in Brazil uses self-spreading messages from compromised Web sessions.
- The campaign executed PowerShell activity across hundreds of environments and over a thousand endpoints.