Fastjson 1.2.68 finally patches the Autotype flaw. The update blocks dynamic method calls and tightens type resolution, stopping remote‑code‑execution vectors that arise from deserializing untrusted JSON. If you still run older versions, upgrade now to keep your services safe.

#Fastjson #SecurityPatch #JSONDeserialization #Infosec #OpenSource

🔗 https://www.cnblogs.com/tr1ple/p/13489260.html

A brief summary of bypassing Autotype in Fastjson 1.2.68 - tr1ple - Cnblogs

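This article mainly summarizes the ideas behind the methods currently found online for bypassing Autotype in 1.2.68. Prerequisite knowledge: because checkautotype is the method that checks the class about to be deserialized, we only need to make it return an instance of type Class. In general, the check passes in the following cases: 1. autoTypeCheckHandlers is not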

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device.

BleepingComputer

Christ flies off to heaven, what else to do than update your Linux servers?

It's cold as hell.... (strange expression) and the rain is pouring down. It's a 'stay inside' day today.

#securitypatch #linux #shitposting

SANS Stormcast Thursday, May 14th, 2026: Flexible Windows Proxy; News from Nightmare Eclipse; A…

https://www.youtube.com/watch?v=-T1x8rCIblA

#vulnerability #exploit #securitypatch

YouTube

Composer 2.9.8 and 2.2.28 fix GitHub Actions token disclosure in error messages

Please immediately update Composer to version 2.9.8 or 2.2.28 (LTS) by running composer.phar self-update. The new releases fix a vulnerability where Composer leaks the full contents of GitHub Actions issued GITHUB_TOKENs or GitHub App installation tokens to the GitHub Actions logs. GitHub introduced a

Private Packagist

SANS Stormcast Wednesday, May 13th, 2026: Microsoft Patch Tuesday; Large npm/pypi Compromise; R…

https://www.youtube.com/watch?v=aUficRwDQ6s

#malware #vulnerability #securitypatch

YouTube

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code.

BleepingComputer

SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA

SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite.

BleepingComputer

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

cPanel patched three vulnerabilities, including two 8.8 CVSS flaws, reducing risks of code execution and privilege escalation.

The Hacker News