A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...
Serialization is the process of saving an object’s state to a sequence of bytes; deserialization is the process of rebuilding those bytes into a live object. The Java Serialization API provides a ...
Oracle plans to drop from Java its serialization feature that has been a thorn in the side when it comes to security. Also known as Java object serialization, the feature is used for encoding objects ...
A recent blog post by FoxGlove Security that described remotely executable exploits against several major middleware products including WebSphere, WebLogic, and JBoss has focused attention on what ...
Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't ...
Oracle's chief architect says his company intends to remove serialization from Java -- eventually. Answering a question during a live-streamed session at the recent Devoxx UK 2018 conference called ...