SAP warns of critical flaws in NetWeaver and Commerce Cloud
SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. [...]
Report claims more vulnerabilities created than fixed as remediation gap widens Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform, finding that more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable.…
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE)
CISA Issues Emergency Directive Requiring Federal Agencies to Fix FlawA vulnerability in Exchange hybrid deployments could allow attackers to escalate privileges and gain administrative access to cloud-based environments. Microsoft said Tuesday there is no evidence of its exploitation and "strongly" recommended installing hot fix updates made available in April.
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces. [...]
The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider’s storage security controls and default settings
Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild
Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.…
Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. [...]
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild
Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. [...]
Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources
Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections
Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance
But IBM warns credential compromise is number one initial access vector
CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild. [...]
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [...]
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [...]