A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.
Articles tagged "Zero-day"
Found 143 articles
Google has addressed a zero-day vulnerability in its Chrome browser that was actively exploited in the wild. This vulnerability, which does not have a CVE identifier, remains shrouded in mystery, as details about its origin and the specific components it affects are unclear. The lack of a CVE means users and security experts have limited information regarding the potential risks involved. However, the fact that it has been exploited means users should update their Chrome browsers promptly to safeguard against potential attacks. Keeping software up to date is crucial in mitigating risks associated with such vulnerabilities.
Blog
On December 2025 Patch Tuesday, a total of 57 Common Vulnerabilities and Exposures (CVEs) were reported, including one critical zero-day vulnerability and two others that have been publicly disclosed. The zero-day is particularly concerning as it is actively exploited, meaning attackers may already be using it to compromise systems. Users and organizations running affected software should prioritize applying the latest patches to mitigate these risks. The vulnerabilities impact various products and systems, highlighting the ongoing need for vigilance in cybersecurity practices. Keeping software updated is essential to defend against potential exploitation.
Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.
Three critical zero-day vulnerabilities in PickleScan have been identified, impacting Python and PyTorch. These flaws enable undetected attacks on AI model supply chains, posing significant risks to data integrity and security.
The Hacker News
CISA has identified a critical security vulnerability in Oracle Identity Manager, classified as CVE-2025-61757, which is actively being exploited. This vulnerability involves missing authentication for a critical function, posing significant security risks.
A critical unauthenticated remote code execution vulnerability, identified as CVE-2025-61757, has been discovered in Oracle Identity Manager. This flaw poses significant risks as it may be exploited as a zero-day, allowing attackers to execute arbitrary code without authentication.
Fortinet is facing significant challenges as a second zero-day vulnerability in its web application firewall (WAF) has been discovered and is under attack. This situation raises concerns about the vendor's disclosure practices and the overall security of their products.