CVE-2025-8110: Unpatched Gogs RCE Vulnerability Actively Exploited in the Wild

Critical Security Alert: Unpatched Gogs RCE

Executive Summary

CVE-2025-8110 is an actively exploited, unpatched Remote Code Execution (RCE) vulnerability affecting all Gogs versions ≤ 0.13.3. The flaw allows authenticated users to bypass path-traversal protections through a symlink-based file-write bypass, enabling arbitrary file overwrite on the host server and ultimately full system compromise. With no official patch available and exploitation occurring in […]

CVE-2025-66570 in cpp-httplib – Critical Header Shadowing Vulnerability Explained


A critical vulnerability (CVE-2025-66570, GHSA-xm2j-vfr9-mg9m) has been identified in cpp-httplib, a popular single-header C++ HTTP/HTTPS library used in many lightweight services, internal tools, and embedded applications. Prior to version 0.27.0, cpp-httplib incorrectly accepts and processes certain reserved header names directly from client requests, including: REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT. Because these values are parsed before httplib injects the server’s […]

Apache Tika XXE Vulnerability (CVE-2025-66516) – Critical PDF Parsing Exploit


A severe flaw has been discovered in Apache Tika, the widely adopted framework for document parsing and content extraction. Tracked as CVE-2025-66516 with a CVSS score of 10.0, the issue enables XML External Entity (XXE) attacks through specially crafted PDF files. This new advisory replaces CVE-2025-54988. Although the earlier notice pointed to the PDF parser […]

Critical Security Alert: Unauthenticated RCE in React CVE-2025-55182 & Next.js CVE-2025-66478


Two new critical vulnerabilities, CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), were publicly disclosed today, impacting React and Next.js applications. These issues allow unauthenticated remote code execution under default framework configurations, requiring no special setup or developer mistakes. Testing confirms that even newly generated Next.js applications created with create-next-app and built for production are immediately vulnerable without […]

Shai Hulud 2.0: The NPM Supply Chain Attack Returns as an Aggressive Self-Propagating Worm


The newly uncovered “Shai Hulud 2.0” campaign, also known as sha1-hulud, is one of the most aggressive npm supply-chain attacks to date. Unlike the earlier, more contained incident, this wave introduces a fully automated worm that rapidly spreads across maintainers, repositories, and dependency graphs. More than 25,000 repositories tied to hundreds of developers have already […]

npm Supply Chain Attack: Shai Hulud Worm Escalates August Nx Compromise


On September 16, 2025, a large-scale npm supply chain attack was discovered, which seems to be linked to the same threat actors behind the August 27 Nx compromise (under ongoing investigation). Dubbed Shai Hulud, this self-propagating worm has infected nearly 40 npm packages, including several from CrowdStrike, by harvesting secrets from CI/CD pipelines and cloud […]

GitHub Actions Supply Chain Compromise: tj-actions/changed-files Action


We are actively responding to a significant security breach involving the widely used GitHub Action, tj-actions/changed-files. Current findings indicate that nearly all tagged versions of tj-actions/changed-files have been compromised, resulting in direct access to running containers and virtual machines’ memory, allowing the extraction of sensitive secrets, information, and code. This is happening through the following command […]

New CVE-2024-55591 Zero-Day Exploitation of Fortinet Firewalls


On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems. CVE-2024-55591 is an authentication bypass zero-day vulnerability that has been actively exploited since mid-November 2024, enabling attackers to hijack Fortinet firewalls and compromise enterprise networks. Successful exploitation grants remote attackers super-admin privileges via malicious requests to the Node.js websocket module.

Discovery […]

Introducing New Runtime Security Features for Modern Containerized Environments


At Upwind Security, we continuously enhance our security capabilities to address emerging threats and provide unparalleled runtime protection for containerized environments. In this update, we are excited to introduce new detection and prevention policies designed to secure workloads against sophisticated attacks.

Next-Generation Threat Detections

Over the past several weeks we have added additional detection policies […]

New Zero-Day Exploitation of Ivanti Connect Secure VPN Devices with CVE-2025-0282 and CVE-2025-0283


On January 8, 2025, Ivanti announced two critical vulnerabilities impacting its Connect Secure (ICS) VPN appliances: CVE-2025-0282 and CVE-2025-0283. Notably, CVE-2025-0282 has been actively exploited in the wild since mid-December 2024. This vulnerability, an unauthenticated stack-based buffer overflow, allows remote code execution without authentication, posing a serious risk of further network compromise.

Discovery and Response […]