CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
Dark Reading

Another Java Zero-Day Vulnerability Hits Black Market

Call it malware cash and carry: Less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by ...
ZDNet

New Java trojan and old MS Word vulnerabilities need patching

According to fresh warnings by security vendor Intego, another Java vulnerability is attacking Macs that haven't been patched with Apple's Java for OS X Lion 2012-002 and Java for Mac OS X 10.6 Update ...
PC World

Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0, an outdated version of the secure communications protocol that is vulnerable to attacks ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
ZDNet

Severe Swagger vulnerability compromises NodeJS, PHP, Java

Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit. According to Rapid7, the vulnerability has ...
Macworld

Researchers find critical vulnerability in Java 7 patch hours after release

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the ...
MacRumors

Apple Releases Java Update to Fix New Zero-Day Vulnerability

Apple has pushed a new release of Java 6 that fixes a new vulnerability discovered just a few days ago. Somewhat confusingly, Apple delivers updates to Java 6, while Oracle delivers updates directly ...
Ars Technica

Apple has yet to patch “critical” Java vulnerability

Mac OS X contains a serious security vulnerability in its implementation of Java, according to several security experts. The vulnerability remains in the software even after Sun had disclosed and ...
CNN

Critical Java vulnerability due to incomplete earlier patch

The critical Java vulnerability that is currently under attack was made possible by an incomplete patch Oracle developers issued last year to fix an earlier security bug, a researcher said. The ...
Network World

Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0, an outdated version of the secure communications protocol that is vulnerable to attacks ...