Unpatched Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited
An unpatched Gogs zero-day (CVE-2025-8110) that bypasses a previous fix is being used to compromise more than 700 internet-exposed servers.
Read MoreZero-Day
PSA: Active exploitation of Microsoft SharePoint “ToolShell” flaws, Targeting Organizations and Allowing Remote Code Execution
New “ToolShell” exploit chain is actively being used to compromise SharePoint servers.
Read MoreMost Phishing Campaigns Evade Traditional Filters
Reliance on known IoCs makes many phishing attempts appear “zero-day,” giving attackers a window to bypass defenses before they are flagged.
Read MoreUnpatched Windows Zero-Day Exploited by 11 State-Sponsored Threat Actors
A zero-day flaw in Windows has been exploited by multiple state-sponsored attackers since 2017. Security teams are urging users to adopt recommended mitigations while awaiting an official patch.
Read MoreZero Day FreeType Vulnerability Disclosed by Meta
Meta’s security team has disclosed details of a zero-day flaw in version 2.13.0 of FreeType that allows arbitrary code execution.
Read MoreHackers Exploit 16 Zero-Days on First Day of Pwn2Own Automotive 2025
The competition, hosted by Trend Micro’s Zero Day Initiative (ZDI), focused on uncovering security flaws in automotive technologies.
Read MoreMozilla Firefox Zero-Day Actively Exploited, Patch Released
This ‘use-after-free’ vulnerability allows remote code execution and has been actively exploited in the wild.
Read MoreDell’s Data Breach and a Chrome Zero-Day
A massive data breach from Dell and Chrome fixes a zero-day in recent patch.
Read MoreCritical Cisco Flaw and Good Admin Passwords
Cisco has a super-critical zero-day flaw in IOS XE, and research shows that default and “easy” passwords are the most common passwords used by admins.
Read MoreOwl Labs Retraction, Qakbot, and Other Notable Updates
Owl Labs CVE’s are retracted. Also Qakbot is not quite dead yet, and other notable patches for the first week in October.
Read More