Hosted on MSN

Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list

CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the self-hosted Git service was added to its Known Exploited Vulnerabilities ...
Bleeping Computer

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.
Infosecurity-magazine.com

CISA Flags Actively Exploited Gogs Vulnerability With No Patch

A high-severity security flaw affecting the self-hosted Git service Gogs is being actively exploited, prompting a warning from the US Cybersecurity and Infrastructure Security Agency (CISA). The issue ...
Hosted on MSN

US government told to patch serious Gogs security issue or face attack

CISA added Gogs CVE-2025-8110 to its Known Exploited Vulnerabilities catalog Critical symlink bypass enables unauthenticated Remote Code Execution via PutContents API Over 700 Gogs servers compromised ...
Hackaday

This Week In Security: Hornet, Gogs, And Blinkenlights

Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at ...