Articles tagged "Zero-day"

Found 143 articles

A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.

Read Original

Google has addressed a zero-day vulnerability in its Chrome browser that was actively exploited in the wild. This vulnerability, which does not have a CVE identifier, remains shrouded in mystery, as details about its origin and the specific components it affects are unclear. The lack of a CVE means users and security experts have limited information regarding the potential risks involved. However, the fact that it has been exploited means users should update their Chrome browsers promptly to safeguard against potential attacks. Keeping software up to date is crucial in mitigating risks associated with such vulnerabilities.

Read Original

On December 2025 Patch Tuesday, a total of 57 Common Vulnerabilities and Exposures (CVEs) were reported, including one critical zero-day vulnerability and two others that have been publicly disclosed. The zero-day is particularly concerning as it is actively exploited, meaning attackers may already be using it to compromise systems. Users and organizations running affected software should prioritize applying the latest patches to mitigate these risks. The vulnerabilities impact various products and systems, highlighting the ongoing need for vigilance in cybersecurity practices. Keeping software updated is essential to defend against potential exploitation.

Read Original

Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.

Read Original
Actively Exploited

Three critical zero-day vulnerabilities in PickleScan have been identified, impacting Python and PyTorch. These flaws enable undetected attacks on AI model supply chains, posing significant risks to data integrity and security.

Read Original
Actively Exploited

Fortinet is facing significant challenges as a second zero-day vulnerability in its web application firewall (WAF) has been discovered and is under attack. This situation raises concerns about the vendor's disclosure practices and the overall security of their products.

Read Original
PreviousPage 10 of 10