Threat Post

Old Attack Exploits New Java Reflection API Flaw

Researchers have discovered a new vulnerability in the Java Reflection API that can be exploited by a decade-old attack. No Java component has had a bigger bull’s eye on its back this year than the ...
Threat Post

Java Reflection API Woes Resurface in Latest Oracle Patches

Oracle’s Critical Patch update addresses 154 vulnerabilities, many of which are remotely exploitable. Security Explorations of Poland, meanwhile, published details on a number of Java flaws in the ...
SecurityWeek

Cisco ISE, CitrixBleed 2 Vulnerabilities Exploited as Zero-Days: Amazon

A threat actor was seen exploiting two critical Citrix and Cisco vulnerabilities as zero-days weeks before patches were ...
InfoWorld

Book Review: Java Reflection in Action

The book Java Reflection in Action was published in 2004, but remains largely applicable eight years later. In this post, I review this book and cover its strengths and its weaknesses. In general, age ...

Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks

An advanced threat actor exploited the critical vulnerabilities "Citrix Bleed 2" (CVE-2025-5777) in NetScaler ADC and Gateway, and CVE-2025-20337 affecting Cisco Identity Service Engine (ISE) as ...
InfoWorld

Make an EJB from any Java class with Java Reflection

Every EJB application server allows you to install an EJB if you provide a bean implementation, remote interface, and a home interface but, in most cases, you have to write them yourself. That is ...