Menu

25 Latest Articles Current Articles | Archives | Search
20

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

Master Code Fu posted on December 20, 2025 06:59
A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
20

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Master Code Fu posted on December 20, 2025 06:59
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
20

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

Master Code Fu posted on December 20, 2025 06:59
Huntress is warning of a new actively exploited vulnerability in Gladinet's CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so far. "Threat actors can potentially abuse this as a way to access the web.config file, opening the door for deserialization and remote code execution," security researcher Bryan Masters said.

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
20

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

Master Code Fu posted on December 20, 2025 06:59
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress. This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
20

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

Master Code Fu posted on December 20, 2025 06:59
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely to be

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
Page 10 of 10First   Previous   5  6  7  8  9  [10]  Next   Last