CSO Online

SolarWinds WHD zero-days from January are under attack

Analysis of real-world incidents reveals that attackers are chaining multiple flaws to compromise the ticketing and support ...

Cross-Platform Applications with Rust 2: Crux in Use

With Rust and the Crux framework, cross-platform apps can be implemented with a clear core, UI separation, and ...
IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.
GitHub

Vulnerability: XMLDecoder Deserialization Vulnerability (Java RCE) in Ladybug < 3.0-20251107.114628

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
SecurityWeek

Critical Windows Server WSUS Vulnerability Exploited in the Wild

Microsoft on Thursday released out-of-band updates to patch a critical vulnerability impacting the Windows Server Update Service (WSUS), and exploitation of the flaw was seen just hours later. WSUS is ...
USA Today

In-N-Out expansion continues with 5 new locations 'opening soon'

Five new golden arrows are soon set to rise. In-N-Out's expansion is continuing, as the company lists five locations across three states as "opening soon." Three of the locations will be in Tennessee, ...
Microsoft

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, which is tracked as CVE-2025-10035 and has a CVSS ...
GitHub

software-engineering-and-security/gadgetbuilder

For more information, we refer to the reference publication. If you are overwhelmed by the fragment construction (trampoline + chain + sinkadapter), do not worry! We set default values (here) for ...
The Hacker News

Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability

Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as ...
SecurityWeek

DELMIA Factory Software Vulnerability Exploited in Attacks

A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution. Threat actors are exploiting a critical-severity vulnerability in DELMIA Apriso factory ...
Dark Reading

Sitecore Zero-Day Sparks New Round of ViewState Threats

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...