Threat Post

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. Newly disclosed FTP injection ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
Computerworld

Researchers find critical vulnerability in Java 7 patch hours after release

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the ...
Bleeping Computer

Latest Code Injection news

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.
SD Times

Azul significantly cuts down on false positives in Java vulnerability detection with latest update to Azul Intelligence Cloud

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
PC World

New vulnerability in Java 7 opens door to 10-year-old attack, researchers say

Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software’s security ...
Dark Reading

Java Vulnerability Affects 1 Billion Plug-ins

Anyone still using a Java plug-in in their Web browser, beware: Another major, new--and as yet unpatched--vulnerability has been spotted in Java. Unfortunately, unlike a number of the other, recently ...
CSOonline

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk. Researchers have warned ...
ZDNet

Severe Swagger vulnerability compromises NodeJS, PHP, Java

Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit. According to Rapid7, the vulnerability has ...
AppleInsider

Security firm warns of Java vulnerability in Mac OS X

The version of Java that Apple currently includes with Mac OS X contains a critical security vulnerability that has gone unrepaired for months and may put Mac OS X users at risk, Mac security software ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...