A vulnerability (CVE-2025-22234) in various Spring Security versions allows attackers to exploit timing attacks to determine valid usernames, jeopardizing user enumeration defenses. Affected versions include 5.7.16 and 6.4.4. Mitigations include upgrading to patched versions or seeking commercial support. The flaw, discovered by Jonas Robl, is rated Medium severity. Patches are available via HeroDevs’ support.
Largest telecom in Africa warns of cyber incident exposing customer data – The Record from Recorded Future News
Africa’s largest telecom company is warning customers of a cyber incident that exposed their personal data. The company has not disclosed the extent of the
