Serialization is the process of converting a Java object into a sequence of bytes so they can be written to disk, sent over a network, or stored outside of memory. Later, the Java virtual machine (JVM ...

JDK 26 moves to general production availability. This short-term release is backed by six months of Premier-level support. Java Development Kit (JDK) 26, the latest standard Java release from Oracle, ...

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...

On September 18, 2025, Fortra published a security advisory regarding a critical deserialization vulnerability in GoAnywhere MFT’s License Servlet, which is tracked as CVE-2025-10035 and has a CVSS ...

‘Third time’s the charm?’ asks a prominent security researcher after what appears to be the same critical Java deserialization flaw gets a third security update. SolarWinds has released a third patch ...

CVE-2025-26399 is a patch bypass of CVE-2024-28988, which is a patch bypass of the exploited CVE-2024-28986. SolarWinds on Tuesday announced a hotfix for a remote code execution (RCE) vulnerability in ...

A critical Sitecore zero-day vulnerability is under active exploitation in the latest series of ViewState deserialization attacks this year. The vulnerability, tracked as CVE-2025-53690 and disclosed ...

PortSwigger’s Director of Research, James Kettle presents latest research at Black Hat USA / DEF CON 2025 KNUTSFORD, England–(BUSINESS WIRE)–PortSwigger, a renowned application security software ...

Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code ...