Bleeping Computer

Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers.
Infosecurity-magazine.com

CISA Flags Actively Exploited Gogs Vulnerability With No Patch

A high-severity security flaw affecting the self-hosted Git service Gogs is being actively exploited, prompting a warning from the US Cybersecurity and Infrastructure Security Agency (CISA). The issue ...
Dark Reading

Attackers Exploited Gogs Zero-Day Flaw for Months

A vulnerability in self-hosted Git service Gogs is facing widespread exploitation, and no patch is available at this time. That's according to Wiz, which on Dec. 10 published research disclosing ...
Hosted on MSN

US government told to patch serious Gogs security issue or face attack

CISA added Gogs CVE-2025-8110 to its Known Exploited Vulnerabilities catalog Critical symlink bypass enables unauthenticated Remote Code Execution via PutContents API Over 700 Gogs servers compromised ...
Hackaday

This Week In Security: Hornet, Gogs, And Blinkenlights

Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at ...