SAP warns of critical flaws in NetWeaver and Commerce Cloud
SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. [...]
Januscape: A 16-year-old Linux KVM flaw lets cloud VM tenants crash hosts and potentially escape guests. It affects Intel and AMD systems. Security researcher Hyunwoo Kim has published details of a use-after-free vulnerability in Linux’s KVM hypervisor that allows code running inside a guest virtual machine to corrupt host kernel memory. The bug, tracked as […]
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems
SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite. [...]
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action. [...]
The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited
LeakyLooker flaws in Google Looker Studio let attackers run cross-tenant SQL attacks on cloud data
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. [...]
Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub
Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization
Update Chainlit to the latest version ASAP Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.…
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE)
Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…