#sap

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Service Suite Vulnerabilities: Use of Less Trusted Source, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Integer Overflow or Wraparound, Out-of-bounds Write, Allocation of Resources Without Limits or Throttling, Exposure of Sensitive Information to an Unauthorized Actor, Memory Allocation with Excessive Size Value, Out-of-bounds Read, Uncontrolled Resource Consumption, Improper Resource Shutdown or Release, Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise the confidentiality, integrity, or availability of affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: Service Suite: Versions 9.8.1.3 and prior 3.2 VULN...

A hacker group claiming affiliation with Anonymous says it breached GlobalX Airlines, leaking sensitive flight and passenger data…

Plus: A DOGE operative’s laptop reportedly gets infected with malware, Grok AI is used to “undress” women on X, a school software company’s ransomware nightmare returns, and more.

A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw

We're rolling out a brand new feature in Malwarebytes for iOS: the ability to block Google sponsored ads directly on Safari.

Meta has won almost $170m in damages from Israel-based NSO Group, maker of the Pegasus spyware.

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.

CBP says it has “disabled” its use of TeleMessage following reports that the app, which has not cleared the US government’s risk assessment program, was hacked.

In the wake of SignalGate, a knockoff version of Signal used by a high-ranking member of the Trump administration was hacked. Today on Uncanny Valley, we discuss the platforms used for government communications.

US jury orders NSO Group to pay $168M to WhatsApp and Meta over Pegasus spyware use in 2019…