Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers.
Patch management fixes known software flaws before attackers exploit them, reducing intrusion risk; prioritize critical systems and verify deployment.
Search across headline titles and summaries.
Background for this topic.
Patch is a software, firmware, or configuration update that fixes a defect, including a vulnerability an attacker could use to gain access, execute code, escalate privileges, or expose data. Patching reduces the exploitable attack surface across operating systems, applications, network devices, and embedded systems; it does not remove risk from unsupported or misconfigured assets, and updates can sometimes introduce compatibility or availability problems.
Effective patch management starts with an accurate inventory and vulnerability assessment, then prioritizes internet-facing systems, high-impact assets, and flaws known to be exploited. Organizations should test updates where practical, deploy them within defined time limits, verify installation, and retain rollback or compensating controls when immediate patching is unsafe. Monitoring vendor advisories and threat intelligence can identify urgent fixes, while documenting exceptions and coverage supports vulnerability management and audit requirements.
Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers.
9.9-rated flaw on the loose, so patch now A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers.…
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild
Mandiant Reveals Critical Flaw Exposes Sitecore ProductsAttackers exploited a now-patched zero-day vulnerability in a popular content management system that powers websites for companies including HSBC, L’Oréal, Toyota and United Airlines. Attackers used a cryptography key stored in some deployments to force the system into loading malware.
Google Cloud’s Mandiant successfully disrupted an active ViewState deserialization attack affecting Sitecore deployments
September bundle the largest this year, and possibly the most serious Patch Tuesday is next week, but Android is ahead of the game, dropping its biggest patch bundle this year while attackers actively exploit two of the now-fixed flaws.…
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks
Major flaws uncovered in Copeland controllers: Patch now Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions.…
WhatsApp has fixed a zero-day vulnerability linked to a sophisticated cyber-attack