deserialization vulnerability

Deserialization vulnerabilities continue to pose significant risks in modern IT infrastructure, and CVE-2025-29793 is the latest reminder that even trusted platforms like Microsoft Office SharePoint can harbor dangerous flaws. In this case, the vulnerability stems from the insecure handling of...

Rockwell Automation’s Lifecycle Services combined with Veeam Backup and Replication have long been trusted by industrial organizations to manage critical infrastructure and data resilience. However, a recently disclosed vulnerability has set off alarm bells among cybersecurity professionals and...

A recent advisory from CISA has shed light on a serious vulnerability affecting Trimble Cityworks, an asset and work management system popular in critical infrastructure sectors such as water and wastewater systems. If you’re responsible for deploying or managing Windows systems tied to Trimble...

In today’s world of increasingly intelligent control systems, a new vulnerability has come to light that every industrial control systems (ICS) operator should note—especially if you're using Schneider Electric’s EcoStruxure Power Monitoring Expert (PME). This vulnerability, identified as...

A critical new vulnerability has emerged within the Microsoft Update Catalog known as CVE-2024-49147. This flaw represents a significant risk, as it allows unauthorized attackers to exploit the deserialization of untrusted data, granting them the potential to elevate their privileges on the...