Blue Mockingbird Monero-Mining Campaign Exploits Web Apps

The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server.

According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of …

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in the PHP programming language using previously low-risk considered funct…