SAP warns of high-severity vulnerabilities in multiple products

Source

Ars Technica

TL;DR

AI Generated

SAP has issued a warning about high-severity vulnerabilities in multiple products, including a critical flaw rated 10 out of 10 in its NetWeaver platform. This vulnerability, tracked as CVE-2025-42944, allows unauthenticated attackers to execute commands by sending malicious payloads to an open port. The maximum-severity flaw is a deserialization vulnerability; deserialization is the process that translates serialized data and reconstructs data structures from it. With hackers already exploiting vulnerabilities in SAP's ERP software, users are urged to take immediate action to secure their systems.

Similar Articles

Two UK teens charged in connection to Scattered Spider ransomware attacks

UK teenager Thalha Jubair has been charged by federal prosecutors for his involvement in the Scattered Spider ransomware attacks on 47 US companies, resulting in over $115 million in ransom payments. The group demanded hefty ransoms from victims after breaching their networks and threatened to publish or sell confidential data. Another UK teen, Owen Flowers, was also charged in connection with a cyberattack on Transport for London. The recovery effort for the agency's public transit system lasted months due to the breach.

Ars Technica
Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC

Japan plans to subsidize NEC's purchase of cable-laying ships to bolster national security. The government is willing to cover up to half of the $300 million cost per vessel. NEC, a major player in undersea cables, currently leases ships but faces security risks due to reliance on charters. The move comes amid rising concerns over undersea cable attacks globally. NEC sees owning ships as a strategic advantage despite the financial commitment.

Tom's Hardware
U.S. places $11 million bounty on Ukrainian ransomware mastermind — Tymoshchuk allegedly stole $18 billion from large companies over 3 years

The United States has placed an $11 million bounty on Volodymyr Tymoshchuk, a Ukrainian man accused of orchestrating ransomware attacks that stole a total of $18 billion over three years. Tymoshchuk allegedly masterminded the MegaCortex, LockerGoga, and Nefilim attacks, targeting American companies, health institutions, and foreign industrial firms. The attacks involved encrypting files and demanding ransom payments. If extradited and found guilty, Tymoshchuk could face life in prison for charges related to computer damage and threatening to disclose private information. The indictment also ties Tymoshchuk to other cybercriminals, including his co-defendant Artem Stryzhak.

Tom's Hardware
Malware found hidden in image files, can dodge antivirus detection entirely — VirusTotal discovers undetected SVG phishing campaign

A recent report from VirusTotal reveals a sophisticated phishing campaign that used weaponized SVG files to deliver malware, spoof a government agency, and evade antivirus detection entirely. The SVG files contained active code that, when opened, displayed a fake web portal leading to the download of malicious files. This attack leveraged the ability of SVGs to support embedded HTML and JavaScript, allowing them to act as full phishing kits. The campaign included 44 previously undetected phishing SVGs, highlighting the evolving tactics of hackers. Security experts warn users to be cautious with unknown SVG files, as they can be used as a powerful delivery vector for malware.

Tom's Hardware
