Ars Technica

Deserialize single/multiple JSON objects into C# - Issues with single objects

So I'm whipping up something quick and dirty for a work project. I've got a C# class that is all string types, nothing fancy, and once the item is created it gets serialized with the new ...
CSOonline

APT group hits IIS web servers with deserialization flaws and memory-resident malware

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET ...
Dark Reading

Why The Java Deserialization Bug Is A Big Deal

A recent blog post by FoxGlove Security that described remotely executable exploits against several major middleware products including WebSphere, WebLogic, and JBoss has focused attention on what ...
CSOonline

Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE

A flaw in code for handling Parquet, Apache’s open-source columnar data file format, allows attackers to run arbitrary code on vulnerable instances. The vulnerability, tracked as CVE-2025-30065, is a ...