Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
InfoWorld

Basic and advanced Java serialization

Serialization is the process of converting a Java object into a sequence of bytes so they can be written to disk, sent over a network, or stored outside of memory. Later, the Java virtual machine (JVM ...
Hacker

Rust Tips: Saving Collections of Trait Objects Made Easy with typetag

SysAdmin/DevOps/PE. Helped bunch of users to host their websites, Macy's with CI, Facebook with lots of things. SysAdmin/DevOps/PE. Helped bunch of users to host their websites, Macy's with CI, ...
IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...
Bleeping Computer

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState ...
Dark Reading

Sitecore Zero-Day Sparks New Round of ViewState Threats

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...
SecurityWeek

Hackers Exploit Sitecore Zero-Day for Malware Delivery

Threat actors have been using an exposed ASP.NET machine key for remote code execution (RCE) on vulnerable Sitecore deployments, Google warns. Adversaries used a sample machine key that was included ...
SecurityWeek

SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover

SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise. Enterprise software maker SAP on Tuesday announced the release of ...
The Hacker News

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible ...
CSOonline

Cisco’s ISE bugs could allow root-level command execution

Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized ...