Threat actors have been actively exploiting a zero-day flaw in Fortra's GoAnywhere MFT managed file transfer application, The Hacker News reports. More than 1,000 on-premises Fortra GoAnywhere MFT instances, most of which are in the U.S., are likely vulnerable to the remote code injection bug, which was initially detailed by security reporter Brian Krebs, according to security researcher Kevin Beaumont. GoAnywhere MFT users have been urged by Fortra to appraise all administrative users and track usernames that are unrecognizable, noted Rapid7, which added that potential exploitation may entail the usage of weak, reused, or default credentials for administrative console access. "The logical deduction is that Fortra is likely seeing follow-on attacker behavior that includes the creation of new administrative or other users to take over or maintain persistence on vulnerable target systems," said Rapid7 researcher Caitlin Condon. Workarounds for "License Response Servlet" configuration removal from the web.xml file have been released by Fortra amid the pending fix.