#jobs #incident #vulnerability #security-tools #patch-management #ai #malware #detection-engineering #exploit #cloud #phishing #ransomware #authentication #breach #zero-day
Articles tagged with: #deserialization Clear filter
CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA Adds Three Known Exploited Vulnerabilities to Catalog

All CISA Advisories www.cisa.gov

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability CVE-2024-8068 Citrix Session Recording Improper Privilege Management Vulnerability CVE-2025-48384 Git Link Following Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise....

#vulnerability #patch-management #deserialization #incident #exploit
PickleBall: Secure Deserialization of Pickle-based Machine Learning Models

PickleBall: Secure Deserialization of Pickle-based Machine Learning Models

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.15987v1 Announce Type: new Abstract: Machine learning model repositories such as the Hugging Face Model Hub facilitate model exchanges. However, bad actors can deliver malware through compromised models. Existing defenses such as safer model formats, restrictive (but inflexible) loading policies, and model scanners have shortcomings: 44.9% of popular models on Hugging Face still use the insecure pickle format, 15% of these cannot be loaded by restrictive loading policies, and model...

#deserialization #malware
Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code

Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code

Cyber Security News cybersecuritynews.com

A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems. The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high severity. The flaw stems from the deserialization of untrusted data in Web Deploy, classified under

#security-tools #vulnerability #patch-management #deserialization