Microsoft

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize ...
heise online

SAP Patch Day: NetWeaver vulnerability allows code injection

Admins of SAP installations will have work on Tuesday this week: SAP has released advisories for 15 vulnerabilities in the company's products. Some of these are critical vulnerabilities that allow the ...
Forbes

SAP Security In 2026: Five Trends Reshaping Enterprise Risk

SAP systems sit at the heart of thousands of enterprises, and they’re under growing threat. 2025 marked a significant shift in the SAP space: More high-severity vulnerabilities are being identified ...
Ars Technica

SAP warns of high-severity vulnerabilities in multiple products

As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected ...
Bleeping Computer

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. SAP NetWeaver is the foundation for SAP's business ...
SecurityWeek

SAP Patches Critical NetWeaver Vulnerabilities

The critical-severity NetWeaver flaws could be exploited for remote code execution and privilege escalation. SAP on Tuesday announced 21 new and four updated security notes, including four notes that ...
CSOonline

Patch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-V

NetWeaver AS Java hole, rated severity 10, allows an unauthenticated attacker to execute arbitrary OS commands, and NTLM bug is rated likely for exploitation, warn security vendors. CISOs with SAP ...
Network World

SAP data sovereignty service lets customers run cloud workloads inside their data centers

SAP customers will be able to achieve a new level of data sovereignty and independence by running workloads entirely within their own datacenters, the German ERP giant has promised. SAP Sovereign ...
Infosecurity-magazine.com

Public Exploit Released for Critical SAP NetWeaver Flaw

A critical vulnerability in SAP NetWeaver AS Java Visual Composer, tracked as CVE-2025-31324, is now being widely exploited following the release of public exploit tooling. The flaw, patched in April ...
Infosecurity-magazine.com

Auto-Color Backdoor Malware Exploits SAP Vulnerability

A new backdoor malware campaign targeting Linux systems and exploiting a critical vulnerability in SAP has been uncovered by cybersecurity researchers. The malware, known as Auto-Color, was deployed ...
The Hacker News

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to ...