java security

Apache Commons Lang’s ClassUtils.getClass(...) can be driven into uncontrolled recursion by very long inputs (CVE‑2025‑48924), but Microsoft’s public wording that “Azure Linux includes this open‑source library and is therefore potentially affected” is a product‑scoped attestation — authoritative...

CVE-2022-3509 is a parsing bug in Google’s Protocol Buffers Java implementation that can be triggered by crafted text‑format messages to force excessive object churn and long JVM garbage‑collection pauses, producing a denial‑of‑service (DoS) condition in vulnerable applications; operators should...

Waratek’s Locker promised a practical "bring your own security" (BYOS) approach for Java applications on Microsoft Azure — a lightweight, JVM‑embedded container that applies Runtime Application Self‑Protection (RASP) policies without touching application code — and while the idea remains...

We've recently been having problems with redirects when clicking the links of search results in our browsers (IE and Firefox). We tried a few different virus scans and nothing was able to find it. However, we did realize that Microsoft Security Essentials would not run when we clicked the...