Exploring a hidden attack surface in C++ serialization libraries. "Let's serialize pointers and complex structures! What could possibly go wrong?" Deserialization attacks have grown in popularity over the past decade, with major flaws hitting tech giants and modern frameworks— even in 2025. Last July, a question came to mind: "What...

Read the original article