The Hacker News

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The ...
Ars Technica

SAP warns of high-severity vulnerabilities in multiple products

As hackers exploit a high-severity vulnerability in SAP’s flagship Enterprise Resource Planning software product, the software maker is warning users of more than two dozen newly detected ...
TechRadar

SAP users patch now - worrying S/4HANA vulnerability being exploited in the wild

SAP patches critical S/4HANA flaw which allowed full system takeover Attackers can inject ABAP code and bypass authorization using RFC Some systems remain unpatched, and confirmed abuse has already ...
The Daily Telegraph

M&S hackers claim responsibility for Jaguar Land Rover attack

The teenage hacking group that brought down Marks & Spencer has claimed responsibility for the cyber attack that has forced Jaguar Land Rover to shut down assembly lines. The cyber groups Scattered ...
Infosecurity-magazine.com

Public Exploit Released for Critical SAP NetWeaver Flaw

A critical vulnerability in SAP NetWeaver AS Java Visual Composer, tracked as CVE-2025-31324, is now being widely exploited following the release of public exploit tooling. The flaw, patched in April ...
SecurityWeek

New Exploit Poses Threat to SAP NetWeaver Instances

A new public exploit chains two critical flaws in SAP NetWeaver, exposing unpatched instances to code execution attacks. Dozens of SAP NetWeaver instances are susceptible to compromise after a threat ...
CSOonline

Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack

Attackers tried chaining the just-patched SAP Netweaver bug with the stealthy Auto-Color Linux RAT for a multi-stage compromise. Threat actors recently tried to exploit a freshly patched max-severity ...
heise online

SAP Patchday: NetWeaver products are vulnerable to malware attacks

On Patchday in July, SAP developers closed a total of five "critical" security vulnerabilities. In the worst case scenario, malicious code can compromise systems. So far, there are no indications that ...
TechRadar

French government hit by Chinese hackers exploiting Ivanti security flaws

Three zero-day flaws in Ivanti CSA solutions were abused to grab login credentials The group likely sold the access to French government devices Researchers are attributing the attacks to Chinese ...
SecurityWeek

Critical Vulnerability Patched in SAP NetWeaver

Enterprise software maker SAP on Tuesday announced the release of 14 new security patches as part of its June 2025 Security Patch Day, including a note addressing a critical-severity vulnerability in ...
CIO

IBM’s massive SAP S/4HANA migration pays off

Big Blue’s ERP journey has brought efficiencies and easier management, along with practical insights into the challenges its customers face in moving to SAP on the cloud. IBM is at SAP’s Sapphire ...
Dark Reading

Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks

Ransomware groups and Chinese advanced persistent threat (APT) groups are targeting a critical vulnerability in SAP NetWeaver weeks after it was disclosed and patched by the vendor through an ...