IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.
GitHub

Vulnerability: XMLDecoder Deserialization Vulnerability (Java RCE) in Ladybug < 3.0-20251107.114628

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...
Dark Reading

Sitecore Zero-Day Sparks New Round of ViewState Threats

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...
CSOonline

Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE

A flaw in code for handling Parquet, Apache’s open-source columnar data file format, allows attackers to run arbitrary code on vulnerable instances. The vulnerability, tracked as CVE-2025-30065, is a ...
InfoWorld

How to handle type erasure in advanced Java generics

Type erasure in Java generics programming can cause a variety of problems in your code. Fortunately, there are ways to work around them. Generics programming in Java enhances type safety and code ...
Bleeping Computer

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial ...
TheServerSide

How to download and install Java 21 on Windows

Community driven content discussing all aspects of software development from DevOps to design patterns. The latest long-term support (LTS) release of the JDK is Java 21, which was released in ...
USA Today

'Criminals are preying on Windows users': Software subject of CISA, cybersecurity warnings

The U.S. Cybersecurity and Infrastructure Security Agency added a vulnerability in Microsoft's Windows 10 software to a list of exploited security weak spots. CISA said that "Microsoft COM for Windows ...
TWCN Tech News

Java is not recognized as internal or external command

There are various instances of this issue that we get such as JAVAC’, JRE, ‘MVN’, JAR’ is not recognized as an internal or external command, operable program or batch file, ‘Java’ is not recognized as ...
STAREAST

How to Choose the Right Java Version for Your Needs

Java is one of the top programming languages. One of the choices Java developers often have to make is the Java version to install. The choice becomes complicated due to the multitude of ...