Fortra

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

June 26, 2026

Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during …

Phishing hides in routine Microsoft 365 workflows

June 23, 2026

Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts …

Record Microsoft Patch Tuesday, fresh zero-day

June 10, 2026

Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher …

What security teams miss in email attacks

January 6, 2026

Email remains the most common entry point for attackers. This article examines how phishing, impersonation, and account takeover continue to drive email breaches and expose …

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring

December 18, 2025

Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group …

Fortra DSPM helps organizations protect sensitive data across hybrid cloud

October 29, 2025

Fortra announced the launch of its new Data Security Posture Management (DSPM) solution to enable organizations to discover, classify, and protect sensitive data across their …

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

September 26, 2025

CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch …

Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)

September 22, 2025

If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting …

The state of DMARC adoption: What 10M domains reveal

September 11, 2025

In this Help Net Security video, John Wilson, Senior Fellow, Threat Research at Fortra, explores the state of DMARC adoption across the top 10 million internet domains. He …

How cybercriminals exploit psychological triggers in social engineering attacks

May 6, 2025

Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly …

When confusion becomes a weapon: How cybercriminals exploit economic turmoil

April 23, 2025

It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across …

Inside PlugValley: How this AI vishing-as-a-service group operates

April 17, 2025

In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered …