While the Java and .NET deserialization issues were limited to third-party libraries, having deserialization issues impact Ruby itself greatly increases a hacker's attack surface.

Last month, Oracle's chief architect, Mark Reinhold, said during a conference Q&A that one of Oracle's long-term goals is to change the way Java handles object serialization. In fact, he called the ...

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The ...