To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-68120

**Visual Studio Code Go extension has unexpected untrusted code execution**

Moderate severity GitHub Reviewed Published Dec 30, 2025 to the GitHub Advisory Database • Updated Dec 31, 2025

**Package**

gomod github.com/golang/vscode-go (Go)

**Affected versions**

< 0.52.1

**Description**

Published to the GitHub Advisory Database

Dec 30, 2025

Last updated

Dec 31, 2025

GHSA-fjmr-7667-8v4p: Visual Studio Code Go extension has unexpected untrusted code execution

Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately.
A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year.

It was a strange year in cyberspace, as US president Donald Trump and his administration launched foreign policy initiatives and massive changes to the federal government that have had significant geopolitical ramifications. Through it all, the steady drumbeat kept pounding of data breaches, leaks, ransomware attacks, digital extortion cases, and state-sponsored attacks that have unfortunately become a backdrop of daily life.

Here's WIRED's look back on this year's most significant breaches, hacking sprees, and digital attacks. Stay alert, and stay safe out there.

**Salesforce Integrations**

Attackers grabbed data from the sales management giant Salesforce in at least two breaches this year—but they didn't compromise Salesforce directly. Instead, the group breached third-party Salesforce contractor integrations, including those of Gainsight and Salesloft.

Google's Threat Intelligence Group published about the spree in August, saying that some Google Workspace data had been compromised as part of the breach of the sales and marketing platform Salesloft Drift. Though the incident was not a direct hack of Google Workspace, it represented a rare instance in recent years of Alphabet customer data being exposed.

Other impacted companies include Cloudflare, Docusign, Verizon, Workday, Cisco, LinkedIn, Bugcrowd, Proofpoint, GitLab, SonicWall, Adidas, Louis Vuitton, and Chanel. The credit bureau TransUnion also had a breach apparently tied to the situation that exposed the information of 4.4 million people, including names and Social Security numbers.

The spree was perpetrated by a group known as Scattered Lapsus$ Hunters—a potential amalgam of actors and tooling from the hacking and data theft groups Scattered Spider, Lapsus$, and ShinyHunters. Researchers note, though, that the group isn't actually a one-to-one evolution of the three namesakes. Regardless, Scattered Lapsus$ Hunters have a data leak site where they've been previewing troves of stolen data from the campaign and conducting digital extortion attacks on victims.

**Clop’s Oracle E-Business Hacking Spree**

The ransomware group Clop is known for carrying out mass exploitation of vulnerabilities for data breaches and extortion attacks. Past rampages in recent years had huge numbers of victims at both private companies and government agencies. This year, the group did it again, exploiting a vulnerability in Oracle’s E-Business internal management platform to steal data from numerous companies and organizations.

As part of the spree, Clop was able to steal employee data from multiple companies, including the personal information of executives, and used it to send emails and other threatening communications to senior employees as part of demands for millions of dollars in ransom to delete the data instead of publishing it.

Oracle scrambled to patch the vulnerability at the beginning of October, but Clop had already been exploiting it to steal data from hospitals and health care groups, media companies like The Washington Post, and universities like the University of Pennsylvania (see below).

**University Breaches**

The University of Pennsylvania publicly disclosed a data breach at the beginning of November that took place at the end of October, impacting personal data—some of it years or decades old—of students, alumni, and donors. The data also included internal university documents and some financial information. The incident was the result of a phishing attack; the hacker sent email blasts to students and alumni describing Penn as “woke” and saying that the school prioritizes “legacies, donors and unqualified affirmative action admits.” The Verge reported, though, that ultimately the hacker may have been financially motivated.

Harvard said in a November statement that the systems of its Alumni Affairs and Development office had been breached via a “phone-based phishing attack.” The incident involved personal information of alumni, their partners, Harvard donors, parents of current and former students, some current students, and some faculty and staff. The data included email addresses, phone numbers, physical addresses, event attendance records, information about donations to the university and other fundraising details. Princeton University was hit with a similar attack that same month, although the scope of affected data seems more limited.

The Worst Hacks of 2025

A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-42718

**Croogo CMS has a path traversal vulnerability**

High severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

**Package**

composer croogo/croogo (Composer)

**Affected versions**

<= 4.0.7

**Description**

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

**EPSS score**

GHSA-g5p6-3j82-xfm4: Croogo CMS has a path traversal vulnerability

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-25341

**libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)**

High severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

**Package**

npm libxmljs (npm)

**Affected versions**

<= 1.0.11

**Description**

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

**EPSS score**

GHSA-jv72-59wq-8rxm: libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)

Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-68944

**Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries**

Moderate severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

**Package**

gomod code.gitea.io/gitea (Go)

**Affected versions**

< 1.22.2

**Description**

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

**EPSS score**

GHSA-f85h-c7m6-cfpm: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries

Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-68943

**Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order**

Moderate severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

**Package**

gomod code.gitea.io/gitea (Go)

**Affected versions**

< 1.21.8

**Description**

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

**EPSS score**

GHSA-jhx5-4vr4-f327: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order

In Gitea before 1.21.2, an anonymous user can visit a private user's project.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-68945

**Gitea: anonymous user can visit private user's project**

Moderate severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

**Package**

gomod code.gitea.io/gitea (Go)

**Affected versions**

< 1.21.2

**Description**

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

**EPSS score**

GHSA-7xq4-mwcp-q8fx: Gitea: anonymous user can visit private user's project

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-68946

**Gitea vulnerable to Cross-site Scripting**

Moderate severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

**Package**

gomod code.gitea.io/gitea (Go)

**Affected versions**

< 1.20.1

**Description**

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

**EPSS score**

GHSA-hq57-c72x-4774: Gitea vulnerable to Cross-site Scripting

Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.

Skip to content

**Navigation Menu**

*   *   AI CODE CREATION
        
        *   GitHub CopilotWrite better code with AI
            
        *   GitHub SparkBuild and deploy intelligent apps
            
        *   GitHub ModelsManage and compare prompts
            
        *   MCP RegistryNewIntegrate external tools
            
        
    
    View all features
    

*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-68942

**Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text**

Moderate severity GitHub Reviewed Published Dec 26, 2025 to the GitHub Advisory Database • Updated Dec 26, 2025

**Package**

gomod code.gitea.io/gitea (Go)

**Affected versions**

< 1.22.2

**Description**

Published to the GitHub Advisory Database

Dec 26, 2025

Last updated

Dec 26, 2025

**EPSS score**

Tag

#intel