CRN

CISA Warns Of SolarWinds Java Exploit

'These types of vulnerabilities are frequent attack vectors,' CISA says in a post online. A government agency is warning about threat actors exploiting a Java deserialization remote code execution ...
Threat Post

Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack

The attacks are enabled by a (fixed) vulnerability in ForgeRock’s Access Management, a popular platform that front-ends web apps and remote-access setups. Attackers are actively exploiting a critical, ...
CSOonline

Java deserialization vulnerabilities explained and how to defend against them

Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't ...
PC World

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The ...
CRN

Microsoft Warns Of 'Unprecedented' Rise In Java Exploits

Microsoft warned users about an "unprecedented wave of Java exploitation" in 2010, enabling hackers to use widespread Java vulnerabilities to launch malicious attacks. Thus far in 2010, Microsoft ...
Bleeping Computer

Critical ColdFusion flaws exploited in attacks to drop webshells

Update 7/17/23: The article was updated due to a mistaken warning added by Adobe to its email notification. However, a newer version of the bug was seen by Rapid7 to be actively exploited. Hackers are ...
CSOonline

APT group hits IIS web servers with deserialization flaws and memory-resident malware

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET ...