A critical bug in Java's implementation of ECDSA (CVE-2022-21449) can allow an attacker to forge a signature or certificate to deliver virtually any payload.
The previously discovered RCE flaw in the Spring framework is being leveraged by attackers to deploy the Mirai botnet malware.
A remote code execution flaw in the Spring Java framework has been uncovered, and exploits are circulating in some places.
The widespread usage of Log4j is adding complexity to organizations attempting to apply patches.
It hasn’t even been a year since the Equifax breach was made public, and Apache has fixed yet another critical vulnerability in the Struts web application framework. Does your incident response plan include assessing the risk exposure and deploying defenses on top of patch management?