A vulnerability (CVE-2025-22234) in several Spring Security versions lets attackers use timing attacks to determine valid usernames, undermining user enumeration defenses. Affected versions include 5.7.16 and 6.4.4. Mitigations include upgrading to patched versions or seeking commercial support. The flaw, discovered by Jonas Robl, is rated Medium severity. Patches are available via HeroDevs' support.

North Korean Group Creates Fake Crypto Firms in Job Complex Scam
A North Korean-backed group known as Famous Chollima or Contagious Interview has been using fake job interviews to lure job seekers into installing malware. To