New Gogs zero-day flaw lets hackers get remote code execution
…This critical severity argument injection security flaw has yet to be assigned a CVE ID, affects the latest release versions (Gogs 0.14.2 and 0.15.0+dev), and can only…
…This argument injection vulnerability has yet to be assigned a CVE ID, can only be exploited by authenticated attackers without admin privileges, and affects all Gogs releases up to and including 0…
…When combined, a single client on a 100 Mbps connection can exhaust tens of gigabytes of RAM within seconds, forcing the server to allocate it and then preventing its release. “A home…
…Those commits added a GitHub Actions workflow and a script that abused npm's publishing mechanism to release backdoored packages. "When the workflow runs, it installs Bun and executes _index.js, passing…
…The validation and deployment of the fix will take time to complete and will closely monitor the progress." Microsoft has yet to provide a final timeline for full remediation and said that…
…Notice where the time goes. It isn't inside any one tool. The EDR is fast. The SIEM is fast. The vulnerability scanner is fast. The time dies between the tools: the…
…updates released in March, April, or later months," Microsoft said in a service alert first spotted by Microsoft MVP Susan Bradley. "This issue results from recent changes in download timeout requirements when…
…The threat group responsible for this leak was reportedly ‘Police-ESP-Doxed,’ who leaked it in one of BreachForum's iterations available at the time. Later, in March, the personal data of…
…Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited." At the time…
…On the first day, Orange Tsai earned another $175,000 for a Microsoft Edge sandbox escape chaining 4 logic bugs, Windows 11 was hacked 3 times, and Valentina Palmiotti (chompie) of IBM…