InfoQ

Remotely Exploitable Java Zero Day Exploits through Deserialization

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Dark Reading

New PHP Exploit Chain Highlights Dangers of Deserialization

PHP unserialization attacks have been well known for some time, but a new exploitation method explained last week at Black Hat USA in Las Vegas demonstrated that the attack surface for PHP ...
CSOonline

APT group hits IIS web servers with deserialization flaws and memory-resident malware

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET ...
Dark Reading

Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

CISA has added a vulnerability — cataloged as CVE-2023-26359 — to the Known Exploited Vulnerabilities Catalog with a CVSS score of 9.8 due to active exploitation. The vulnerability is a ...
Bleeping Computer

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ...
ZDNet

'Praying Mantis' threat actor targeting Windows internet-facing servers with malware

Windows internet-facing servers are being targeted by a new threat actor operating "almost completely in-memory," according to a new report from the Sygnia Incident Response team. The report said that ...
Ars Technica

Android app from China executed 0-day exploit on millions of devices

Android apps digitally signed by China’s third-biggest e-commerce company exploited a zero-day vulnerability that allowed them to surreptitiously take control of millions of end-user devices to steal ...