Businesses have been at work since last week investigating whether their applications or third-party software products are vulnerable to Spring4Shell, a critical remote code execution (RCE) vulnerability impacting Spring Framework, one of the most popular development frameworks for Java applications. While exploitation attempts have already been observed in the wild, the rate at which developers are updating their Spring instances appears to be slow going.
According to Sonatype, the company that maintains Maven Central, the biggest repository of Java components and libraries, 80% of Spring downloads since March 31 when the flaw was confirmed have continued to be for vulnerable versions of the framework. Maven Central integrates with many development tools, so the data suggests that developers are not in a rush to upgrade their Spring instances.
To read this article in full, please click here
More Stories
FBI Shuts Down Chinese Botnet
The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types...
Western Agencies Warn Risk from Chinese-Controlled Botnet
Cyber and law enforcement agencies across the “Five Eyes” countries issue warning about large-scale botnet linked to Chinese firm and...
8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach
A Manchester law firm has filed a lawsuit against outsourcing giant Capita, representing nearly 8000 claimants who were affected by...
FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries
US Schools and libraries have until November 1, 2024 to enrol for a three-year program during which participants will receive...
Cryptojacking Gang TeamTNT Makes a Comeback
Group-IB claims to have found evidence of a new TeamTNT cryptojacking campaign Read More
Insecure APIs and Bot Attacks Cost Global Firms $186bn
Thales claims API insecurity and automated bot abuse is costing organizations an estimated $186bn annually Read More