Security Boulevard

Beyond detection: Understanding vulnerability reachability in SCA

In 2024, more than 40,000 Common Vulnerabilities and Exposures (CVEs) were created and disclosed for vulnerabilities in open source software. Couple this with our own research indicating that the ...
TheServerSide

How Java 17 records work

Java has always been criticized for being too verbose. While that criticism is largely unfounded, language architects and community enthusiasts have always strived to make the language simpler and ...
Bleeping Computer

Hackers exploit BleedingPipe RCE to target Minecraft servers, players

Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
GitHub

java.lang.IllegalArgumentException: Invalid lambda deserialization

used by: java.io.IOException: unexpected exception type at java.base/java.io.ObjectStreamClass.throwMiscException(ObjectStreamClass.java:1641) at java.base/java.io ...
GitHub

KeycloakPrincipal and KeycloakSecurityContext break ObjectInputStream serialization by modifying the stream's filterPattern

This is not a safe thing to do, in general, because the ObjectInputStream may contain objects after the KeycloakPrincipal that are unrelated to Keycloak, and the ...
SecurityWeek

Remote Code Execution Vulnerability Patched in Apache OFBiz

One of the vulnerabilities addressed by the latest update for Apache OFBiz is an unsafe Java deserialization issue that could be exploited to execute code remotely, without authentication. One of the ...