New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
Wed, 15 Oct 2025 11:06:00 +0530
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution.
The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization.
“Due to a deserialization vulnerability in SAP NetWeaver, an
https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html
Adobe Patches Critical Vulnerability in Connect Collaboration Suite
Wed, 15 Oct 2025 04:25:29 +0000
Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio.
The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek.
https://www.securityweek.com/adobe-patches-critical-vulnerability-in-collaboration-suite/
Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws
Wed, 15 Oct 2025 04:10:17 +0000
The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects.
The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek.
https://www.securityweek.com/microsoft-patches-173-vulnerabilities-including-exploited-windows-flaws/
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
Tue, 14 Oct 2025 22:25:00 +0530
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year.
The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it’s assessed to be a publicly-traded
https://thehackernews.com/2025/10/chinese-hackers-exploit-arcgis-server.html
HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device
Tue, 14 Oct 2025 15:49:59 +0000
Investors are placing bets on a hardware-based approach to data security in a market dominated by software solutions for ransomware resilience.
The post HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device appeared first on SecurityWeek.
https://www.securityweek.com/hyperbunker-raises-seed-funding-to-launch-next-generation-anti-ransomware-device/
Cybereason to Be Acquired by MSSP Giant LevelBlue
Tue, 14 Oct 2025 14:53:16 +0000
This is LevelBlue’s third acquisition this year, after Trustwave and Aon’s Cybersecurity & IP Litigation Consulting groups.
The post Cybereason to Be Acquired by MSSP Giant LevelBlue appeared first on SecurityWeek.
https://www.securityweek.com/cybereason-acquired-by-mssp-giant-levelblue/
SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM
Tue, 14 Oct 2025 13:52:21 +0000
SAP has rolled out additional protections for insecure deserialization bugs resolved in NetWeaver AS Java recently.
The post SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM appeared first on SecurityWeek.
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver-print-service-srm/
Fraud Prevention Firm Resistant AI Raises $25 Million
Tue, 14 Oct 2025 12:59:15 +0000
Resistant AI will use the funding to expand its fraud detection and transaction monitoring offerings to new markets.
The post Fraud Prevention Firm Resistant AI Raises $25 Million appeared first on SecurityWeek.
https://www.securityweek.com/fraud-prevention-firm-resistant-ai-raises-25-million/
Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack
Tue, 14 Oct 2025 12:47:20 +0000
Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.
https://www.securityweek.com/harvard-is-first-confirmed-victim-of-oracle-ebs-zero-day-hack/
Beyond the Black Box: Building Trust and Governance in the Age of AI
Tue, 14 Oct 2025 12:00:00 +0000
Balancing innovation with ethical governance is crucial for ensuring fairness, accountability, and public trust in the age of intelligent machines.
The post Beyond the Black Box: Building Trust and Governance in the Age of AI appeared first on SecurityWeek.
https://www.securityweek.com/beyond-the-black-box-building-trust-and-governance-in-the-age-of-ai/
Moving Beyond Awareness: How Threat Hunting Builds Readiness
Tue, 14 Oct 2025 17:25:00 +0530
Every October brings a familiar rhythm – pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone.
Make no mistake, as a security professional, I love this month. Launched by CISA and the National
https://thehackernews.com/2025/10/moving-beyond-awareness-how-threat.html
Pixnapping Attack Steals Data From Google, Samsung Android Phones
Tue, 14 Oct 2025 11:50:13 +0000
Google has released a partial patch for the Pixnapping attack and is working on an additional fix.
The post Pixnapping Attack Steals Data From Google, Samsung Android Phones appeared first on SecurityWeek.
https://www.securityweek.com/pixnapping-attack-steals-data-from-google-samsung-android-phones/
RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing
Tue, 14 Oct 2025 17:15:00 +0530
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD’s incomplete protections that make it possible to perform a single memory
https://thehackernews.com/2025/10/rmpocalypse-single-8-byte-write.html
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Tue, 14 Oct 2025 16:48:00 +0530
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users’ knowledge pixel-by-pixel.
The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of
https://thehackernews.com/2025/10/new-pixnapping-android-flaw-lets-rogue.html
What AI Reveals About Web Applications— and Why It Matters
Tue, 14 Oct 2025 16:30:00 +0530
Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your
https://thehackernews.com/2025/10/what-ai-reveals-about-web-applications.html
CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?
Tue, 14 Oct 2025 11:00:00 +0000
SecurityWeek talks to Microsoft Deputy CISOs Ann Johnson and Mark Russinovich.
The post CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future? appeared first on SecurityWeek.
https://www.securityweek.com/ciso-conversations-are-microsofts-deputy-cisos-a-signpost-to-the-future/
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Tue, 14 Oct 2025 12:39:00 +0530
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to
https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
Tue, 14 Oct 2025 10:58:00 +0530
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.
The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains.
“TA585 is notable because it
https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html
⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Mon, 13 Oct 2025 18:48:00 +0530
Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done.
This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons.
https://thehackernews.com/2025/10/weekly-recap-whatsapp-worm-critical.html
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Mon, 13 Oct 2025 17:20:00 +0530
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now.
Get the complete Holiday Season Security Playbook here.
Bottom Line Up Front
The 2024 holiday season saw major
https://thehackernews.com/2025/10/why-unmonitored-javascript-is-your.html