The Hacker News

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

CISA warns that hackers are actively exploiting a high-severity flaw in Gogs that can lead to remote code execution; no patch ...
Bleeping Computer

Apache fixes actively exploited zero-day vulnerability, patch now

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The ...
ZDNet

Vulnerability wholesaler cuts disclosure times over poor-quality patches

The Zero Day Initiative (ZDI), a vulnerability wholesaler, has reduced its disclosure timelines for incomplete patches in a bid to push vendors into improving the quality of their security updates.
Redmondmag.com

Zero-Day Attack Drives 113-Vulnerability Patch Tuesday Release to Start 2026

Microsoft rang in 2026 with its biggest January Patch Tuesday rollout in four years, shipping fixes for 113 vulnerabilities ...
Bleeping Computer

Fortinet FortiWeb flaw with public PoC exploited to create admin users

A Fortinet FortiWeb path traversal vulnerability is being actively exploited to create new administrative users on exposed devices without requiring authentication. The issue is fixed in FortiWeb ...
VentureBeat

Google unveils new council and legal fund to support vulnerability disclosure

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Today, Google unveiled three new initiatives designed to support the ...
Computer Weekly

Security Think Tank: Responsible vulnerability disclosure is a joint effort

We all know the importance of identifying and managing vulnerabilities in our systems, as well as patching them as soon as we can, taking into account the need to test critical system patches before ...