A recent blog post by FoxGlove Security that described remotely executable exploits against several major middleware products including WebSphere, WebLogic, and JBoss has focused attention on what ...

Vulnerabilities can be tricky to detect. Identifying flaws in third-party and downline vendors can be even more difficult to detect, often because of the ways libraries interact with each other.

The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016. The flaw is in how .NET coding libraries handle deserialization operations, leading to ...

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The ...

Oracle's latest Critical Patch Update, the first of 2017, left Java security maven and Waratek CTO John Matthew Holt scratching his head about Big O's fix for a particular vulnerability: CVE 2017-3241 ...

Recently, on the "Ask The Architect" session from the Devoxx UK 2018 conference, Oracle's chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism which he called a ...