JAVA Framework | Breaking Cybersecurity News | The Hacker News

Category — JAVA Framework
CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

Feb 28, 2023 Software Security / Cyber Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive information via specially crafted requests. "The ZK Framework is an open source Java framework," CISA said. "This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager." The vulnerability was patched in May 2022 in versions 9.6.2, 9.6.0.2, 9.5.1.4, 9.0.1.3, and 8.6.4.2. As demonstrated by Huntress in a proof-of-concept (PoC) in October 2022, the vulnerability can be weaponized to bypass authentication, upload a backdoored JDBC database driver to gain code execution, and deploy r...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

Dec 01, 2022 Kubernetes / Vulnerability Management
A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks that could lead to remote-code execution (RCE)," Contrast Security researcher Joseph Beeton, who reported the bug, said in a write-up. Quarkus, developed by Red Hat, is an open source project that's used for creating Java applications in containerized and serverless environments. It's worth pointing out that the issue only impacts developers who are running Quarkus and are tricked into visiting a specially crafted website, which is embedded with malicious JavaScript code designed to install or execute arbitrary payload...
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

Jan 06, 2025 SaaS Security / Threat Detection
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout players, unexpected underdogs, and relentless scorers leaving their mark on the SaaS security playing field. As we enter 2025, security teams must prioritize SaaS security risk assessments to uncover vulnerabilities, adopt SSPM tools for continuous monitoring, and proactively defend their systems. Here are the Cyber Threat All-Stars to watch out for—the MVPs, rising stars, and master strategists who shaped the game.
1. ShinyHunters: The Most Valuable Player
Playstyle: Precision Shots (Cybercriminal Organization)
Biggest Wins: Snowflake, Ticketmaster and Authy
Notable Drama: Exploited on...
Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now

Apr 06, 2018
Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight, open source framework for developing Java-based enterprise applications. In an advisory released today by Pivotal, the company detailed the following three vulnerabilities discovered in Spring Framework versions 5.0 to 5.0.4, 4.3 to 4.3.14, and older unsupported versions:
Critical: Remote Code Execution with spring-messaging (CVE-2018-1270)
High: Directory Traversal with Spring MVC on Windows (CVE-2018-1271)
Low: Multipart Content Pollution with Spring Framework (CVE-2018-1272)
Vulnerable Spring Framework versions expose STOMP clients over WebSocket endpoints with an in-memory STOMP broker through the 'spring-messaging' module, which could allow an attacker to send a mali...