Insecure Deserialization Explained: How Attackers Exploit It and How to Prevent It

Introduction

When PTC’s Windchill software was hit by a CVSS 9.3 critical vulnerability in June 2026 — one actively exploited to plant webshells on manufacturing and engineering systems — the root cause was not a novel attack technique. It was insecure deserialization. The same class of vulnerability that hit Apache Struts, Oracle WebLogic, and Java-based …