Threat Post

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. Newly disclosed FTP injection ...
Dark Reading

Zero Day Java Vulnerability Allows McRat Trojan Infections

A newly discovered zero-day vulnerability in the most recent versions of Java 6 and Java 7 is being actively exploited by attackers to install malicious software on vulnerable PCs. "We detected a ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
InfoWorld

Unpatched Java vulnerability exploited in targeted attacks, researchers say

The malware installed in the attacks seen so far appears to be a variant of Poison Ivy, a remote administration Trojan program Attackers are exploiting a new and unpatched vulnerability that affects ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
ZDNet

New Java trojan and old MS Word vulnerabilities need patching

According to fresh warnings by security vendor Intego, another Java vulnerability is attacking Macs that haven't been patched with Apple's Java for OS X Lion 2012-002 and Java for Mac OS X 10.6 Update ...
Bleeping Computer

Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, Cybersecurity ...
The Next Web

New Java vulnerability is being exploited in the wild, disabling Java is currently your only option

A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer. Update on December 11: ...
PC World

Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0, an outdated version of the secure communications protocol that is vulnerable to attacks ...
Computerworld

Researchers find critical vulnerability in Java 7 patch hours after release

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the ...
Ars Technica

Apple has yet to patch “critical” Java vulnerability

Mac OS X contains a serious security vulnerability in its implementation of Java, according to several security experts. The vulnerability remains in the software even after Sun had disclosed and ...