Numerous vulnerabilities have recently been discovered in Spring, a widely-used Java Web app development framework from VMware, with notable ones being CVE-2022-22965 (Spring4Shell RCE) and CVE-2022-22963 (Spring Cloud Function RCE). Detectify has promptly responded by providing scanning modules for these vulnerabilities, initially for Surface Monitoring customers and later for Application Scanning users. The Spring Cloud Function vulnerability was patched shortly after disclosure, while Spring4Shell remains a critical 0-day issue, with its potential impact compared to the notorious Log4Shell vulnerability. Detectify employs various methods, such as payload-based scanning and fuzzing, to detect these vulnerabilities, emphasizing the importance of both source code assessment and black box analysis for comprehensive coverage. As these threats are reportedly being exploited, Detectify is actively developing and releasing new modules, advising customers to scan critical assets promptly, and offering a free trial for non-customers to start scanning immediately.