Bleeping Computer

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.
Dark Reading

Attackers Exploited Gogs Zero-Day Flaw for Months

A vulnerability in self-hosted Git service Gogs is facing widespread exploitation, and no patch is available at this time. That's according to Wiz, which on Dec. 10 published research disclosing ...
Hosted on MSN

700+ self-hosted Gits battered in 0-day attacks with no fix imminent

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix.… More than 700 instances have been compromised in the ...
Hackaday

This Week In Security: Hornet, Gogs, And Blinkenlights

Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at ...
The Record

Federal agencies now only have one more day to patch React2Shell bug

The amount of time federal agencies have to patch the recent React2Shell vulnerability has decreased significantly. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-55182 — a ...
The Hacker News

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz.