SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. 
“The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue,” ReliaQuest said in a report published this week.
The cybersecurity

The Hacker News – ​Read More

Why NHIs Are Security’s Most Dangerous Blind Spot

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs). 
At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.

The Hacker News – ​Read More

RSA Conference 2025 – Pre-Event Announcements Summary (Part 2) 

Hundreds of companies are showcasing their products and services next week at the 2025 edition of the RSA Conference in San Francisco.

The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 2)  appeared first on SecurityWeek.

SecurityWeek – ​Read More

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions.
The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below –

CVE-2025-27610 (CVSS score: 7.5) – A path traversal

The Hacker News – ​Read More

All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack

A new attack technique named Policy Puppetry can break the protections of major gen-AI models to produce harmful outputs.

The post All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack appeared first on SecurityWeek.

SecurityWeek – ​Read More

SAP Zero-Day Possibly Exploited by Initial Access Broker

A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.

The post SAP Zero-Day Possibly Exploited by Initial Access Broker appeared first on SecurityWeek.

SecurityWeek – ​Read More

Why the road from passwords to passkeys is long, bumpy, and worth it – probably

The passkey standard has reached a precarious moment. Let’s not blow it, OK?

Latest stories for ZDNET in Security – ​Read More

Nearly 500,000 impacted by 2023 cyberattack on Long Beach, California

More than a year after a cyberattack on the government of Long Beach, California, the city is informing residents that information on nearly half a million people was leaked.

The Record from Recorded Future News – ​Read More

Is that really your boss calling? Jericho Security raises $15M to stop deepfake fraud that’s cost businesses $200M in 2025 alone

Credit: VentureBeat made with Midjourney


Pentagon-backed Jericho Security raises $15 million to combat deepfake fraud that has already cost North American businesses $200 million in 2025, using AI to detect increasingly convincing voice and video impersonations.Read More

Security News | VentureBeat – ​Read More