Get the latest updates!

Subscribe to our Newsletter

Stay up to date with Ridge Security news and products.

Fortra GoAnywhere MFT: Deserialization Flaw Opens the Door to Remote Code Execution (CVE-2025-10035)

by Dr. Yunfei Ge | Oct 14, 2025 | Blog

In September 2025, security researchers warned of CVE-2025-10035, a critical remote code execution flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) platform. Rated CVSS 10.0, the vulnerability allows attackers to take full control of affected systems without...

Browser-to-Backdoor: CVE-2025-49596 Turned Anthropic’s MCP Developer Tools Into Attack Vectors

by Vincent Qi | Oct 7, 2025

In July 2025, security researchers uncovered CVE-2025-49596, a critical remote code execution...

When Trust Becomes a Weapon: Inside the UNC6040 & UNC6395 Salesforce Attack Campaigns

by Vincent Qi | Sep 25, 2025

In today's interconnected business environment, platforms like Salesforce have become the backbone...

When API Tokens Go Wrong: Lessons from the Salesforce Breach

by Dr. Yunfei Ge | Sep 22, 2025

Background The Salesforce breach occurred when attackers obtained OAuth tokens through...

Dynamic Playbook Generation – RidgeBot Uses DSLM to Reinvent Forensic Triage

by Ridge Security Research Team | Sep 11, 2025

In cybersecurity, time is everything. When an unknown vulnerability is discovered, the difference...

The Salesloft Drift Breach: Why Continuous SaaS Security Testing Is No Longer Optional

by Ridge Security Marketing | Sep 3, 2025

The recent Salesloft Drift breach is a reminder of just how interconnected and fragile today’s...

Threat Analysis: Unpacking the “ToolShell” Zero-Day in Microsoft SharePoint

by Vincent Qi | Aug 13, 2025

In July 2025, multiple critical vulnerabilities collectively known as “ToolShell” and tracked as...

« Older Entries