Latest Cybersecurity News
Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited
While investigating a malware infection on a customer workload, Wiz Research discovered an active zero-day vulnerability in Gogs, a popular self-hosted Git service. A symlink…
Microsoft Releases OOBE Cumulative Update for Windows 11, Versions 24H2 and 25H2
Microsoft has rolled out KB5095189, a new cumulative update targeting the Out-of-Box Experience (OOBE) for Windows 11, versions 24H2 and 25H2. Released on June 23,…
Microsoft Exchange SSRF Vulnerability Lets Low-Privileged Attackers Read Arbitrary Files
A newly disclosed vulnerability in Microsoft Exchange, identified as CVE-2026-45504 (CVSS score: 8.8), exposes a critical server-side request forgery (SSRF) flaw. This issue allows authenticated…
Week in review: SimpleHelp vulnerability exploited, Oracle EBS Payments flaw under attack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Companies keep bolting AI onto their products, and the security…
New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels…
Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini, July 05, 2026. A new round of the weekly Security Affairs newsletter…
Zero‑Days in the Age of AI: Behind the Scenes of ZeroDay.cloud 2025, with a Record High of CVEs in Critical Cloud Infra
The zeroday.cloud competition may be over, but the race is just beginning. Last week in London, Wiz Research hosted a first-of-its-kind cloud hacking competition in…
Alibaba to Ban Claude Code Over Alleged Embedded Backdoor Risks
Alibaba is reportedly set to ban Anthropic’s Claude Code from its internal workplace environments starting July 10, 2026, over alleged embedded backdoor risks. The company…
Verified X Sponsored Ad Spreads Mac Malware While ConsentFix Hijacks Microsoft 365 Accounts
A Mac-targeting ClickFix campaign amplified through a verified X sponsored ad, and a novel browser-based hijack technique called ConsentFix that exfiltrates Microsoft 365 session tokens…