Skip to content
information security Page 14

information security

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

Dec 11, 2025Ravie LakshmananVulnerability / Cloud Security A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.… 

Read More »Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Dec 11, 2025Ravie LakshmananZero-Day / Vulnerability Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability,… 

Read More »Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution

Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution

Dec 11, 2025Ravie LakshmananVulnerability / Encryption Huntress is warning of a new actively exploited vulnerability in Gladinet’s CentreStack and Triofox products stemming from the use of hard-coded cryptographic keys that have affected nine organizations so… 

Read More »Active Attacks Exploit Gladinet’s Hard-Coded Keys for Unauthorized Access and Code Execution
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings… 

Read More »React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

Dec 10, 2025Ravie LakshmananEnterprise Security / Web Services New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed… 

Read More ».NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling

Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling

Dec 10, 2025Ravie LakshmananHardware Security / Vulnerability Three security vulnerabilities have been disclosed in the Peripheral Component Interconnect Express (PCIe) Integrity and Data Encryption (IDE) protocol specification that could expose a local attacker to serious… 

Read More »Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling
WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

Dec 10, 2025Ravie LakshmananVulnerability / Malware The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a security flaw impacting the WinRAR file archiver and compression utility to its Known Exploited Vulnerabilities (KEV) catalog,… 

Read More »WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups
How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes

How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes

Dec 10, 2025The Hacker NewsCloud Security / Threat Detection Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.… 

Read More »How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated… 

Read More »Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Dec 10, 2025Ravie LakshmananVulnerability / Endpoint Security Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The… 

Read More »Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws