Adobe has issued critical security updates for ColdFusion versions 2023 and 2021 to fix a high-severity vulnerability (CVE-2024-53961) that could lead to unauthorized file system access. The vulnerability, which can be exploited remotely and without user interaction, is addressed in the updates, which Adobe urges users to install immediately. The company also advises regular reviews of their security resources and ColdFusion Lockdown Guides.
Critical Open Source Easyjson Library Under Full Control of Russian Company
Researchers revealed that easyjson, a crucial Go package for JSON serialization, is controlled by Moscow-based developers from VK Group, raising significant security concerns. This foreign
