Topic: wiz research
-
Unpatched Gogs Bug Actively Exploited, CISA Warns
A critical vulnerability (CVE-2025-8110) in the Gogs platform is being actively exploited, allowing authenticated users to achieve remote code execution by overwriting files via a symbolic link flaw. Over 700 Gogs instances have already been compromised, with no official patch yet available, thou...
-
CISA Mandates Urgent Patch for Actively Exploited Gogs Flaw
A critical remote code execution flaw (CVE-2025-8110) in Gogs is being actively exploited, allowing attackers to run arbitrary commands by manipulating Git configuration files. CISA has mandated all federal agencies to patch the vulnerability by February 2026, as over 1,400 public Gogs servers ar...
-
Urgent Redis Update Fixes Critical RCE Vulnerability
A critical use-after-free vulnerability (CVE-2025-49844) in Redis's Lua scripting allows authenticated attackers to execute arbitrary code on the host server, affecting versions 8.2.1 and earlier. The flaw is exacerbated by default configurations in Redis container images that disable authenticat...
-
NPM Supply-Chain Attack Thwarted: Hackers Foiled
A massive supply-chain attack on the NPM ecosystem was quickly neutralized, preventing a catastrophic security incident despite malicious updates reaching 10% of cloud environments. The attack began with a phishing compromise of a maintainer account, allowing tainted updates to widely used packag...