
73 matches found

Spring Engineering
added 2026/01/26 12:0 a.m., 6 views

This Week in Spring - January 26th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this, I cannot believe we're nearly at the end of the month! Time sure flies. Spring AI 2.0.0-M2 is available now; Spring Modulith 2.1 M1, 2.0.2, and 1.4.7 released; In last week's installment of A Bootiful Podcast,...

AI score 5.9
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-22694

Malware in sbrugna...

CVSS 5.4 | AI score 6.3 | EPSS 0.00965
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-15100

Malware in sbrugna...

CVSS 5.3 | AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-6568

Malware in sbrugna...

CVSS 4.9 | AI score 5.1 | EPSS 0.00629
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-27463

Malicious code in bioql PyPI...

CVSS 4 | AI score 6.3 | EPSS 0.00091
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-14677

Malicious code in bioql PyPI...

CVSS 7.9 | AI score 6.5
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2021-31530

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.9 | EPSS 0.00388
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2998

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 4.8 | EPSS 0.00531
Exploits: 0 | References: 4

OSV
added 2025/09/09 8:15 p.m., 2 views

CVE-2025-54255

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not...

CVSS 4 | AI score 5.8 | EPSS 0.00091
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/09 8:10 p.m., 1 view

CVE-2025-54255 Acrobat Reader | Violation of Secure Design Principles (CWE-657)

Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not...

CVSS 4 | AI score 5.8 | EPSS 0.00091
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 1:19 a.m., 10 views

CVE-2022-30707

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...

CVSS 8.8 | AI score 6.7 | EPSS 0.00717
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:11 a.m., 5 views

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications...

CVSS 4.9 | AI score 6.5 | EPSS 0.00629
Exploits: 0 | References: 1

Packet Storm News
added 2025/05/20 12:0 a.m., 4 views

From Assistants to Adversaries: Exploring the Security Risks of Mobile LLM Agents

The growing adoption of large language models (LLMs) has led to a new paradigm in mobile computing--LLM-powered mobile AI agents--capable of decomposing and automating complex tasks directly on smartphones. However, the security implications of these agents remain largely unexplored. In this paper,...

AI score 7.3
Exploits: 0

BDU FSTEC
added 2025/03/10 12:0 a.m., 2 views

The vulnerability of the software platform for developing and managing Adobe Commerce B2B, related to violations of secure design principles, allows attackers to enhance their privileges.

The vulnerability of the software platform for developing and managing Adobe Commerce B2B is related to the violation of secure design principles. Exploiting this vulnerability can allow a malicious actor, operating remotely, to enhance their privileges...

CVSS 8.5 | AI score 5.5 | EPSS 0.00077
Exploits: 0 | References: 2 | Affected Software: 1

Spring Engineering
added 2024/04/16 12:0 a.m., 23 views

Spring Framework 6.2.0-M1: Overriding Beans in Tests

Spring Framework 6.2.0-M1 has been released, including changes that resolve more than one hundred issues. Among those are a range of new features in Spring's testing support. In this post, I’d like to walk you through one of these new testing features: Bean Overriding support. The previous state ...

AI score 7.2
Exploits: 0

OSV
added 2024/03/06 10:58 a.m., 8 views

BIT-MAGENTO-2021-28583 Magento Commerce insecure storage of sensitive documentation

Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources...

CVSS 7.5 | AI score 5.8 | EPSS 0.00531
Exploits: 0 | References: 2

The Hacker News
added 2023/11/27 1:18 p.m., 55 views

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for...

AI score 7
Exploits: 0

CISA
added 2023/10/16 12:0 p.m., 3 views

CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released an update to Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default with the following...

AI score 7
Exploits: 0 | References: 5

CISA
added 2023/10/05 12:0 p.m., 5 views

NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations

Today, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large...

AI score 7
Exploits: 0 | References: 4

Cvelist
added 2023/08/10 1:17 p.m., 18 views

CVE-2023-29320 ZDI-CAN-20712: Adobe Acrobat Blacklist Bypass Design flaw

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of th...

CVSS 7.8 | AI score 7.8 | EPSS 0.00118
Exploits: 0 | References: 1