Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
Hacker

Rust Tips: Saving Collections of Trait Objects Made Easy with typetag

SysAdmin/DevOps/PE. Helped bunch of users to host their websites, Macy's with CI, Facebook with lots of things. SysAdmin/DevOps/PE. Helped bunch of users to host their websites, Macy's with CI, ...
GitHub

Kryo Java Serialization Library for Windows Developers

Kryo is an open source Java serialization framework used to convert Java objects to a binary format and back. Kryo enables developers to persist objects to files, databases or send them over a network ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...
Microsoft

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, which is tracked as CVE-2025-10035 and has a CVSS ...
Bleeping Computer

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. SAP NetWeaver is the foundation for SAP's business ...
Dark Reading

Sitecore Zero-Day Sparks New Round of ViewState Threats

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...
SecurityWeek

Hackers Exploit Sitecore Zero-Day for Malware Delivery

Threat actors have been using an exposed ASP.NET machine key for remote code execution (RCE) on vulnerable Sitecore deployments, Google warns. Adversaries used a sample machine key that was included ...
SecurityWeek

SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover

SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise. Enterprise software maker SAP on Tuesday announced the release of ...
The Hacker News

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files ...
CSOonline

Cisco’s ISE bugs could allow root-level command execution

Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized ...