A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-basedRead More »Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies. The post IBM Patches Over 100 Vulnerabilities appeared first on SecurityWeek.
The Chrome zero-day does not have a CVE and it’s unclear who reported it and which browser component it affects. The post Google Patches Mysterious Chrome Zero-Day Exploited in the Wild appeared first on SecurityWeek.
On December 4, 2025, researchers published details on the critical vulnerability CVE-2025-55182, which received a CVSS score of 10.0. It has been unofficially dubbed React4Shell, as it affects React Server Components (RSC) functionality used in web applications built with the React library. RSC speeds up UI rendering by distributing tasks betweenRead More »It didn’t take long: CVE-2025-55182 is now under active exploitation
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID “466192044.” Unlike other disclosures, Google has opted toRead More »Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Huntress is warning of a new actively exploited vulnerability in Gladinet’s CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far. “Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization andRead More »Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel,Read More »React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the “invalid cast vulnerability” SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the numberRead More ».NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
Over the past decade, overall funding in Israeli cybersecurity companies has increased by more than 500%, according to YL Ventures. The post Israeli Cybersecurity Funding Hits $4.4 Billion Record High appeared first on SecurityWeek.
Join to access sessions aimed at educating, inspiring, and provoking new ways of thinking about the hype and promise surrounding AI-powered enterprise security solutions and the threats posed by adversarial use of AI. The post Virtual Event Today: Cyber AI & Automation Summit appeared first on SecurityWeek.
