News

A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications.
Early reports about the existence of a remote code execution vulnerability led to some people confusing it with CVE-2022-22963, a flaw in Spring Cloud Function that was patched Tuesday and whose ...
Moore and other researchers said the Java deserialization bug stems from Log4j making network requests through JNDI to an LDAP server and executing any code that's returned.
Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises ...