CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...

Experts flag potentially critical security issues at heart of Anthropic MCP

Anthropic sees no issues - and says the tools are working as intended.
AllAfrica on MSN

Orengo protests attack on Senator Osotsi, demands swift justice as DCI arrests three suspects

Siaya Governor James Orengo has formally protested the attack on Vihiga Senator Godfrey Osotsi's and the delayed prosecution of the culpable individuals terming the incident a serious breach of ...
CSO Online

Seven IBM WebSphere Liberty flaws can be chained into full takeover

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.
IEEE

.NET security: lessons learned and missed from Java

Abstract: Many systems execute untrusted programs in virtual machines (VMs) to limit their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform ...
dbta

Oracle Releases Java 25 with Enhancements to the Platform’s Performance, Security, and Stability

Oracle is releasing Java 25, the latest version of the world’s number one programming language and development platform, helping organizations drive business growth by delivering thousands of ...
ZDNet

Canonical's OpenJDK builds promise Java devs more speed - and a whopping 12 years of security support

With Ubuntu Pro, Canonical's OpenJDK build includes 12 years of support. 'Chiseled' builds are faster, more secure than other OpenJDK builds. Canonical is aligning Ubuntu's and OpenJDK's release ...