AI is code – and can't be prompted into being smarter
From Java tests to Shai-Hulud, bots keep proving they'll swallow anything you feed them
Java is a programming language and runtime platform whose libraries and frameworks require secure configuration and timely patches to reduce vulnerabilities.
Search across headline titles and summaries.
Background for this topic.
Java is a class-based programming language and runtime ecosystem centered on the Java Virtual Machine (JVM), which executes compiled bytecode across operating systems. It powers server applications, desktop tools, and embedded software. A Java deployment commonly includes the JDK or runtime, application frameworks, third-party libraries, and build components; each layer can introduce security-relevant behavior or vulnerabilities.
Security issues may affect the JVM itself, bundled libraries, or application code. Untrusted Java deserialization, unsafe class loading, injection flaws, and incorrect TLS or cryptography configuration can create exploitable paths when present in a particular application. Defenders should inventory the exact JDK and dependencies, monitor applicable advisories, remove unnecessary components, and test and apply updates. Code review and testing should specifically examine deserialization and other handling of untrusted input rather than assuming the language’s security APIs make applications safe by default.
Weekly headline count for the current query.
From Java tests to Shai-Hulud, bots keep proving they'll swallow anything you feed them
BellSoft survey finds 48% prefer pre‑hardened images over managing vulnerabilities themselves Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.…
Patch up: The Spring framework dominates the Java ecosystem If you're running an application built using the Spring development framework, now is a good time to check it's fully updated – a new, critical-severity vulnerability has just been disclosed.…
Lack of awareness still blamed for patching apathy despite it being among most infamous bugs of all time Two years after the Log4Shell vulnerability in the open source Java-based Log4j logging utility was disclosed, circa one in four applications are dependent on outdated libraries, leaving them open to exploitation.…
C/C++ on the bench, as US snoop HQ puts its trust in Rust, C#, Go, Java, Ruby, Swift The NSA has released guidance encouraging organizations to shift programming languages from the likes of C and C++ to memory-safe alternatives – namely C#, Rust, Go, Java, Ruby or Swift.…
There is a madness to the methods Boffins at universities in France, Germany, Luxembourg, and Sweden took a deep dive into known Java deserialization vulnerabilities, and have now resurfaced with their findings. In short, they've drawn attention to the ways in which libraries can accidentally introduce serious security flaws.…
Java and Python packages are the first on the list Google has a plan — and a new product plus a partnership with developer-focused security shop Snyk — that attempts to make it easier for enterprises to secure their open source software dependencies.…
Whole new meaning for zero consequences Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations.…
But this time the patch should do the trick Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick.…
You didn't have any plans for the weekend anyway, did you? Another Java Remote Code Execution vulnerability has reared its head, this time in the popular Spring Framework and, goodness, it's a nasty one.…
Cluster tech vulnerability means either patching or port tinkering could be on the cards Atlassian has demonstrated the interconnectedness of all things with a warning that some versions of Bitbucket Data Center and Confluence Data Center require patching courtesy of the Hazelcast Java deserialization vulnerability.…