SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud

The flaws could allow attackers to access and modify data, and cause system unavailability and request-response desynchronization.

The post SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud appeared first on SecurityWeek.

SecurityWeek – ​Read More

Telegram’s t.me Links Go Offline After Registry Places Domain on serverHold

Telegram’s t.me links stopped resolving after the .ME registry applied serverHold. The app still works, while the reason for the domain action remains unknown.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

SEO is not dead: 5 ways to win more citations from AI search

Now that AI chat is becoming the new status quo of search engines, the rules for staying visible have changed for small businesses and solopreneurs.

Latest news – ​Read More

US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

The post US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers appeared first on SecurityWeek.

SecurityWeek – ​Read More

Millions of Microsoft Entra Accounts Targeted in OAuth Client ID Spoofing Campaigns

Proofpoint details how attackers spoof OAuth client IDs to probe Microsoft Entra accounts, test credentials and bypass common sign-in detections at cloud scale.

Hackread – Cybersecurity News, Data Breaches, AI and More – ​Read More

Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads

xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed.

A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not

The Hacker News – ​Read More

Valarian Raises $50 Million for Sovereign Infrastructure Control Layer

UK-based cybersecurity firm Valarian has raised a total of $70 million for its ACRA technology.

The post Valarian Raises $50 Million for Sovereign Infrastructure Control Layer appeared first on SecurityWeek.

SecurityWeek – ​Read More

I changed these 12 YouTube settings to limit Shorts, stop autoplay, protect my privacy, and more

YouTube works well with default settings, but I tighten some privacy controls and enable a few features to make it even better.

Latest news – ​Read More

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog.

The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge

The Hacker News – ​Read More

Multiple Jscrambler Packages Impacted by Supply Chain Attack

A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer.

The post Multiple Jscrambler Packages Impacted by Supply Chain Attack appeared first on SecurityWeek.

SecurityWeek – ​Read More