VulnHub

Researchers at Wiz have discovered a serious vulnerability in Gogs, a self-hosted Git service. This flaw allows attackers to bypass a previously reported remote code execution (RCE) vulnerability that was disclosed last year. Although the specifics of the exploitation have not been detailed, the revelation indicates that the vulnerability has been exploited for months without a patch available to fix it. This situation poses significant risks for organizations that rely on Gogs for their version control, as it could lead to unauthorized access and potentially severe security breaches. Users of Gogs need to stay vigilant and consider alternative security measures while waiting for a fix.

Hackers have taken advantage of a serious unpatched zero-day vulnerability in Gogs, a widely used self-hosted Git service, allowing them to execute remote code on exposed servers. This breach has impacted around 700 Internet-facing instances, putting sensitive data at risk and potentially leading to further attacks. The vulnerability is particularly concerning because it remains unpatched, leaving many servers vulnerable to exploitation. Users of Gogs should take immediate action to secure their systems, as the lack of a fix means attackers can easily compromise servers. This incident serves as a reminder for organizations to prioritize timely software updates and security measures to protect their infrastructure.

A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.

Google has addressed a zero-day vulnerability in its Chrome browser that was actively exploited in the wild. This vulnerability, which does not have a CVE identifier, remains shrouded in mystery, as details about its origin and the specific components it affects are unclear. The lack of a CVE means users and security experts have limited information regarding the potential risks involved. However, the fact that it has been exploited means users should update their Chrome browsers promptly to safeguard against potential attacks. Keeping software up to date is crucial in mitigating risks associated with such vulnerabilities.

On December 2025 Patch Tuesday, a total of 57 Common Vulnerabilities and Exposures (CVEs) were reported, including one critical zero-day vulnerability and two others that have been publicly disclosed. The zero-day is particularly concerning as it is actively exploited, meaning attackers may already be using it to compromise systems. Users and organizations running affected software should prioritize applying the latest patches to mitigate these risks. The vulnerabilities impact various products and systems, highlighting the ongoing need for vigilance in cybersecurity practices. Keeping software updated is essential to defend against potential exploitation.

Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.

Three critical zero-day vulnerabilities in PickleScan have been identified, impacting Python and PyTorch. These flaws enable undetected attacks on AI model supply chains, posing significant risks to data integrity and security.

CISA has identified a critical security vulnerability in Oracle Identity Manager, classified as CVE-2025-61757, which is actively being exploited. This vulnerability involves missing authentication for a critical function, posing significant security risks.

A critical unauthenticated remote code execution vulnerability, identified as CVE-2025-61757, has been discovered in Oracle Identity Manager. This flaw poses significant risks as it may be exploited as a zero-day, allowing attackers to execute arbitrary code without authentication.

Fortinet is facing significant challenges as a second zero-day vulnerability in its web application firewall (WAF) has been discovered and is under attack. This situation raises concerns about the vendor's disclosure practices and the overall security of their products.