On February 1, Fortra alerted GoAnywhere MFT users about a zero-day remote code injection exploit. The vendor immediately provided indicators of compromise (IoCs) and mitigations, but released a patch only a week later.
Users, particularly those who are running an admin portal that is exposed to the internet, have been instructed to urgently install the patch.