Microsoft links GoAnywhere MFT exploitation to Medusa ransomware group attacks.
Microsoft has identified ongoing exploitation of a recently disclosed vulnerability in Fortra’s GoAnywhere MFT file transfer platform and attributes the attacks to Storm-1175, a known affiliate of the Medusa ransomware operation. The exploitation, traced back to at least September 11, 2025, involved a zero-day vulnerability (CVE-2025-10035) and led to the deployment of remote monitoring tools and, ultimately, Medusa ransomware in compromised environments. Security experts emphasize the need for transparency from Fortra about how attackers gained access to private keys and about the delayed communication to affected organizations. The incident underscores the critical risk facing organizations that rely on file transfer solutions and raises alarms about the broader implications for cybersecurity resilience in the face of sophisticated ransomware threats.