Attackers are actively exploiting a newly discovered zero-day vulnerability in Gogs—a widely used self-hosted Git service—for which no official patch has yet been released. According to Wiz, the ongoing campaign has already compromised more...
Google has released an unscheduled Chrome update to patch a zero-day vulnerability already being exploited in active attacks. The fix is included in stable build 143.0.7499.110 for Windows and macOS, and 143.0.7499.109 for Linux....
Microsoft has released its December security updates: Patch Tuesday brings fixes for 57 vulnerabilities, including three zero-days (one of which is already being actively exploited) and three critical remote-code-execution flaws. Administrators and Windows users...
A data leak at the Chinese company Knownsec—long heralded as one of the flagships of the nation’s cybersecurity industry—has dealt the firm a reputational blow and forced an unexpected admission of internal weaknesses. In...
Microsoft has quietly patched a long-standing flaw in Windows that had been exploited in real-world attacks for several years. The fix arrived in the November Patch Tuesday release, even though the company had previously...
Developers and administrators worldwide are scrambling to update their servers after the disclosure of a critical vulnerability in React Server — a flaw that enables unauthenticated remote code execution through a single crafted HTTP...
Two Android vulnerabilities were actively exploited as zero-days before patches became available, according to Google’s December Android Security Bulletin. Both flaws affect the Framework component and enable data access and privilege escalation, making it...
Cl0p struck a blow against Oracle by exploiting a critical zero-day vulnerability in the E-Business Suite. Researchers report that attacks leveraging this flaw have been underway since July 2025, already compromising numerous major organizations...
Peter Williams, former chief executive of Trenchant—a division within the defense contractor L3Harris—has recently pleaded guilty to stealing and selling classified cyber-espionage tools to a foreign intermediary. Court documents and a TechCrunch investigation have...
AI-powered browsers are rapidly reshaping the familiar landscape of web browsing, evolving from passive tools for displaying pages into active participants in user interaction. Following the recent launch of Copilot Mode in Microsoft Edge...
Former L3Harris defense contractor employee Peter Williams has pleaded guilty in a U.S. federal court to two counts of theft of trade secrets, admitting that he sold eight zero-day vulnerabilities to a Russian intermediary...
Cyberthreat analysts are reporting active exploitation of a critical vulnerability in Windows Server Update Services (WSUS), identified as CVE-2025-59287. Merely days after Microsoft released an emergency patch and CISA added the flaw to its...
