SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
InfoWorld

Azul acquires enterprise Java middleware provider Payara

The acquisition marks a moment in enterprise Java innovation and builds on nearly eight years of collaboration between Azul and Payara, according to Azul. This collaboration between with the two began ...
GitHub

bi-zone/Log4j_Detector

Log4Shell is a serious remote code execution (RCE) vulnerability in Log4j logging library, which is widely used in Java applications. Because it's often difficult to check whether the specific app is ...
GitHub

christian-taillon/log4shell-hunting

Log4j interpolates the string and, as instructed, queries the "a" record of the attacker controlled ldap server. The ldap server responds with the directory info which is a malicious java class, ...