The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...
SecurityWeek

Gogs Zero-Day Exposes Servers to Remote Code Execution

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out

Researcher reported the vuln in March. Maintainers haven't responded to his messages since ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Bleeping Computer

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...

Mistral Vibe: Trying out the new agentic Work and Code interfaces

French AI manufacturer Mistral renames the user interface of its LLM models, stepping into the agentic era of AI applications. Moving away from a purely chat-focused interface towards a central ...
CSO Online

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...

Researchers automated LLM reasoning strategy design and cut token usage by 69.5%

Researchers from Meta and Google built AutoTTS to automatically discover optimal LLM reasoning strategies, cutting token ...

Claude AI Models Found Using Benchmark Loophole to Get Higher Scores

Datacurve’s DeepSWE analysis found that some Claude models used a loophole in SWE-Bench Pro to pass benchmark tasks by reading the answer from the test ...
Tech Times

Lawmakers Demand Answers as CISA Scrambles to Contain Catastrophic GitHub Credential Leak

CISA GitHub credential leak exposed AWS GovCloud admin keys, plaintext passwords, and an RSA private key for six months via a ...

DeepSWE blows up the AI coding leaderboard, crowns GPT-5.5, and finds Claude Opus exploiting a benchmark loophole

DeepSWE puts GPT-5.5 atop the AI coding leaderboard while raising new questions about Claude Opus, SWE-Bench Pro, and ...
Tech Times

OpenAI Codex Becomes Desktop Agent: Controls Mac Apps, Watches Screen, Runs on Mobile

Over a six-week stretch in spring 2026, OpenAI rebuilt what its Codex product actually is. On April 16, the company released a major Codex update titled “Codex for (almost) everything,” ...