SecurityWeek

Unpatched Gogs Zero-Day Exploited for Months

Threat actors have exploited a zero-day vulnerability in the Gogs self-hosted Git service to compromise over 700 ...
The Hacker News

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

Unpatched Gogs flaw CVE-2025-8110 enables file overwrite and code execution, driving over 700 confirmed compromises.
ZDNet

Over 100,000 GitHub repos have leaked API or cryptographic keys

A scan of billions of files from 13 percent of all GitHub public repositories over a period of six months has revealed that over 100,000 repos have leaked API tokens and cryptographic keys, with ...
HealthcareInfoSecurity

Zero Day: 700 Instances of Self-Hosted Git Service Exploited

An attacker has been exploiting a zero-day vulnerability in Gogs, an open-source and popular Git service that allows for self ...
Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...

700+ self-hosted Gits battered in 0-day attacks with no fix imminent

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project ...
InfoWorld

GitHub Action Secrets aren’t secret anymore: exposed PATs now a direct path into cloud environments

Wiz has found threat actors exploiting GitHub tokens, giving them access to GitHub Action Secrets and, ultimately, cloud ...
Dark Reading

Attackers Exploited Gogs Zero-Day Flaw for Months

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug ...