CISA warns that hackers are actively exploiting a high-severity flaw in Gogs that can lead to remote code execution; no patch is available yet.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

CISA has added CVE-2025-8110, a high-severity path traversal vulnerability in Gogs, to its Known Exploited Vulnerabilities catalog after detecting active exploitation. The flaw allows attackers to bypass symbolic link protections and achieve remote code execution by overwriting Git configuration files. Approximately 700 Gogs instances have been compromised, with 1,600 servers exposed online. No official patch is available yet, though code fixes are pending. Users should disable open registration and restrict server access via VPN or allow-lists until patches are released.

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution