Topic: patch deployment
-
CISA Mandates Urgent Patch for Actively Exploited Gogs Flaw
A critical remote code execution flaw (CVE-2025-8110) in Gogs is being actively exploited, allowing attackers to run arbitrary commands by manipulating Git configuration files. CISA has directed all federal agencies to patch the vulnerability by February 2026, as over 1,400 public Gogs servers ar...
-
Google Issues Emergency Chrome Update for 2 Billion Users
Google has issued an emergency security patch for Chrome to address a high-severity vulnerability (CVE-2025-13223) that is already being actively exploited, allowing attackers to execute arbitrary code. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Kn...
-
Urgent Microsoft WSUS Flaw Actively Exploited After Patch
A severe security vulnerability (CVE-2025-59287) in Microsoft's WSUS allows unauthenticated remote code execution with SYSTEM privileges, prompting an urgent out-of-band patch due to incomplete initial fixes. The flaw arises from unsafe deserialization via BinaryFormatter in the `GetCookie()` end...
-
Active Attack Exploits Critical Adobe Commerce, Magento Flaw
Security researchers have identified active exploitation of a critical Adobe Commerce and Magento vulnerability (CVE-2025-54236, SessionReaper), which allows attackers to hijack customer accounts and potentially execute remote code, with over 250 attack attempts blocked in a single day. The vulne...
-
Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)
A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...
-
Linux Distros at Risk: Chaining 2 LPEs for Root Access (CVE-2025-6018/19)
Two critical Linux vulnerabilities (CVE-2025-6018 and CVE-2025-6019) allow attackers to gain full system control by chaining exploits, affecting major distributions like Ubuntu and openSUSE. CVE-2025-6018 misconfigures PAM to grant remote attackers local user privileges, while CVE-2025-6019 explo...