CSOonline

Cloud assets have 115 vulnerabilities on average — some several years old

The state of cloud security has reached a critical tipping point, as attackers increasingly turn attention to cloud environments that enterprises aren’t doing enough to secure. Companies are having a ...
The Record

Spring confirms ‘Spring4Shell’ zero-day, releases patched update

Earlier this week, experts released details on a remote code execution (RCE) vulnerability affecting the Spring Framework. Digital Shadows co-founder James Chappell told The Record that the Spring ...
thecyberexpress

Black Basta Chat Logs Reveal Ransomware Group’s TTPs, IoCs

The Black Basta ransomware group has fallen off dramatically in 2025, and chat logs leaked recently show that internal squabbling may be behind the group’s slowed activity. Cyble threat intelligence ...
Security

How to use Runtime Security to protect risks to both APIs and legacy COTS

It used to be that the weakest link in the enterprise IT security chain was the user, but times have changed. Nowadays, the weakest link is bifurcated: One prong consists of vulnerable/misconfigured ...
Dark Reading

Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE

More than eight years after it first came to light, an unauthenticated Java deserialization vulnerability lurking in the Google Web Toolkit open source application framework remains unpatched, and ...
GitHub

deserialization-vulnerability

Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I ...
InfoQ

Dealing with Java CVEs: Discovery, Detection, Analysis, and Resolution

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...