CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
Decrypt

Amazon Web Services Marketplace Adds Chainlink Crypto Oracle Services

Amazon’s Chainlink integration lets enterprises connect cloud infrastructure with blockchain networks through familiar AWS ...
Analytics Insight

Top Spring Boot Courses for Java Developers to Learn in 2026

Strong Java basics build a solid path for Spring Boot learning.Real projects improve understanding and job readiness.Cloud ...
SecurityWeek

Oracle Patches 450 Vulnerabilities With April 2026 CPU

The April 2026 Oracle CPU includes 481 new security patches addressing 450 unique CVEs across 28 product families.
ARN

Azul’s channel fuelling customer growth

Enterprise Java platform vendor Azul reported its channel and alliance ecosystem continued to be a major growth engine in ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
The Next Web

Google just launched its agentic enterprise play, and it runs from chip to inbox

Google launches AI agent suite at Cloud Next 2026 with Workspace Studio, A2A protocol at 150 orgs, and Project Mariner. The pitch: only Google owns the full stack.
Enterprise Times

Security and AI news for the two weeks beginning 13 April 2026

This is a two-week catch-up after attendance at the NTT Research Upgrade 2026 conference and GrafanaCon 2026 in the last ...
InfoWorld

Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core

Patching is not enough: applications embedding the insecure library will need to be rebuilt, and affected tokens and cookies expired. Developers are advised to check their applications after Microsoft ...
InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...