Java deserialization vulnerability (CVE-2015-4852) more widespread than expected

By Teemu Kääriäinen

Vulnerability CVE-2015-4852 has been detected in the widely used Apache Commons Collections library. The vulnerable library is used in various software, such as WebLogic.


These 30 vulnerabilities are used to attack critical infrastructure

By Juha-Matti Laurio
Information security authorities recently published a list of the most common vulnerabilities used in attacks against critical infrastructure organisations.

How to disclose a vulnerability responsibly

By Juha-Matti Laurio
Last March there were a couple of interesting vulnerability disclosures that merit a closer look from a disclosure point of view.
In early March, payment-processing software from the Finnish vendor Basware was discovered to have two vulnerabilities that can be used, for example, to create fake transactions.