Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
finalweapon

Fairy Tail Manga is Getting a Short-Term Serialization in Shonen Jump

To celebrate the 20th anniversary of the Fairy Tail manga series, creator Hiro Mashima will launch a short-term serialization for the manga in Weekly Shonen Jump. The Fairy Tail manga will resume in ...
InfoQ

JDK 26 and JDK 27: What We Know So Far

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
GitHub

Kryo Java Serialization Library for Windows Developers

Kryo is an open source Java serialization framework used to convert Java objects to a binary format and back. Kryo enables developers to persist objects to files, databases or send them over a network ...
Bleeping Computer

SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws

SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. The authentication bypass ...
InfoWorld

Oracle unveils Java development plans for 2026

OpenJDK project teams will focus work on features such as value types, code reflection, AOT compilation, and structured concurrency in the coming year. Oracle’s Java team in 2026 will work toward ...
CSOonline

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The React 19 library for building application interfaces was hit with a remote code vulnerability, React2Shell, about a month ago. However, as researchers delve deeper into the bug, the larger picture ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...
InfoQ

InfoQ Java Trends Report 2025

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
GitHub

Vulnerability: XMLDecoder Deserialization Vulnerability (Java RCE) in Ladybug < 3.0-20251107.114628

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
winbuzzer.com

Microsoft Issues Emergency Patch for Actively Exploited Windows Server Flaw CVE-2025-59287

Microsoft has released an urgent out-of-band security update to fix a critical vulnerability in its Windows Server Update Services (WSUS). The flaw, CVE-2025-59287, allows attackers to execute code ...