Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
InfoWorld

Basic and advanced Java serialization

Serialization is the process of converting a Java object into a sequence of bytes so they can be written to disk, sent over a network, or stored outside of memory. Later, the Java virtual machine (JVM ...
Hacker

Rust Tips: Saving Collections of Trait Objects Made Easy with typetag

SysAdmin/DevOps/PE. Helped bunch of users to host their websites, Macy's with CI, Facebook with lots of things. SysAdmin/DevOps/PE. Helped bunch of users to host their websites, Macy's with CI, ...
GitHub

Kryo Java Serialization Library for Windows Developers

Kryo is an open source Java serialization framework used to convert Java objects to a binary format and back. Kryo enables developers to persist objects to files, databases or send them over a network ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...
Bleeping Computer

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState ...
SecurityWeek

Hackers Exploit Sitecore Zero-Day for Malware Delivery

Threat actors have been using an exposed ASP.NET machine key for remote code execution (RCE) on vulnerable Sitecore deployments, Google warns. Adversaries used a sample machine key that was included ...
SecurityWeek

SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover

SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise. Enterprise software maker SAP on Tuesday announced the release of ...
The Hacker News

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files ...
CSOonline

Cisco’s ISE bugs could allow root-level command execution

Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized ...
pharmaceuticalcommerce

Arvato Systems, Advanco Form Serialization Partnership

The collaboration is centered around meeting track-and-trace requirements. Arvato Systems, an IT specialist and multi-cloud service provider that supplies serialization solutions for the ...