Internet Security

Critical Gogs zero-day under attack, 700 servers hacked

December 11, 2025 add comment
Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or Bitbucket, but... Read more »

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

December 11, 2025 add comment
Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents, Noma Security says. Google addressed a Gemini Enterprise flaw dubbed... Read more »

Google fixed a new actively exploited Chrome zero-day

December 11, 2025 add comment
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chrome browser,... Read more »

Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

December 11, 2025 add comment
Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charged in the... Read more »

Fortinet fixed two critical authentication-bypass vulnerabilities

December 10, 2025 add comment
Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled. Fortinet addressed 18 vulnerabilities, including two authentication-bypass flaws, tracked as CVE-2025-59718... Read more »

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

December 10, 2025 add comment
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell... Read more »

Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

December 10, 2025 add comment
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and... Read more »

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

December 10, 2025 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows... Read more »

Ivanti warns customers of new EPM flaw enabling remote code execution

December 9, 2025 add comment
Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely. Software firm Ivanti addressed a newly disclosed vulnerability, tracked as CVE-2025-10573... Read more »

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

December 9, 2025 add comment
Mirai-based Broadside botnet targets vulnerable TBK Vision DVRs, posing a potential threat to the maritime logistics sector, Cydome warns. Cydome researchers have identified a new Mirai botnet variant dubbed... Read more »
Subscribe to our Newsletter