JDK 26 moves to general production availability. This short-term release is backed by six months of Premier-level support. Java Development Kit (JDK) 26, the latest standard Java release from Oracle, ...

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...

For more information, we refer to the reference publication. If you are overwhelmed by the fragment construction (trampoline + chain + sinkadapter), do not worry! We set default values (here) for ...

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState ...

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...

A flaw in code for handling Parquet, Apache’s open-source columnar data file format, allows attackers to run arbitrary code on vulnerable instances. The vulnerability, tracked as CVE-2025-30065, is a ...

CISA is warning Adobe and Oracle customers about in-the-wild exploitation of critical vulnerabilities affecting the services of these leading enterprise software providers. The US cybersecurity ...

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial ...

Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications. While these models contain ...