The exploited flaw allows attackers to overwrite files outside the repository, leading to remote code execution.
The post Unpatched Gogs Zero-Day Exploited for Months appeared first on SecurityWeek.
IBM Patches Over 100 Vulnerabilities
Most of the 100 vulnerabilities resolved this week, including critical flaws, were in third-party dependencies.
The post IBM Patches Over 100 Vulnerabilities appeared first on SecurityWeek.
Google Patches Mysterious Chrome Zero-Day Exploited in the Wild
The Chrome zero-day does not have a CVE and it’s unclear who reported it and which browser component it affects.
The post Google Patches Mysterious Chrome Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Israeli Cybersecurity Funding Hits $4.4 Billion Record High
Over the past decade, overall funding in Israeli cybersecurity companies has increased by more than 500%, according to YL Ventures.
The post Israeli Cybersecurity Funding Hits $4.4 Billion Record High appeared first on SecurityWeek.
Virtual Event Today: Cyber AI & Automation Summit
Join to access sessions aimed at educating, inspiring, and provoking new ways of thinking about the hype and promise surrounding AI-powered enterprise security solutions and the threats posed by adversarial use of AI.
The post Virtual Event Today: Cyber AI & Automation Summit appeared first on SecurityWeek.
US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups
Victoria Dubranova faces over 25 years in prison for links to Russia-backed CARR and NoName hacktivist groups.
The post US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups appeared first on SecurityWeek.
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
GeminiJack is a zero-click Gemini attack that could have been exploited using specially crafted emails, calendar invites, or documents.
The post Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data appeared first on SecurityWeek.
Fortinet Patches Critical Authentication Bypass Vulnerabilities
The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled.
The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared first on SecurityWeek.
Ivanti EPM Update Patches Critical Remote Code Execution Flaw
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges.
The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek.
SAP Patches Critical Vulnerabilities With December 2025 Security Updates
Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution.
The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared first on SecurityWeek.
