SAP fixes three critical vulnerabilities across multiple products

SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three ...
Developer Tech

Log4j downloads shows supply chain wake-up call ignored

Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn't the wake-up call it should have been.
Cyber Defense Magazine

From Noise to Signal: Making Static Application Security Testing (SAST) Work for Devs

In 2025, the average data breach cost in the U.S. reached $10.22 million, highlighting the critical need for early detection ...
Microsoft

Imposter for hire: How fake people can gain very real access

Fake employees are an emerging cybersecurity threat. Learn how they infiltrate organizations and what steps you can take to ...
SecurityWeek

Unpatched Gogs Zero-Day Exploited for Months

Threat actors have exploited a zero-day vulnerability in the Gogs self-hosted Git service to compromise over 700 ...

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the ...
SecurityWeek

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery

UNC6588 exploited CVE-2025-55182 to download a backdoor named Compood, which has typically been used by Chinese hackers in ...

Three critical vulnerabilities patched by SAP - here's what we know

The most critical bug fixed this time is a code injection vulnerability discovered in SAP Solution Manager ST 720, a specific ...
PCMag on MSN

Apple Rolls Out Patches for ‘Sophisticated’ Targeted Zero-Day Attacks

The vulnerabilities may have been exploited in 'an extremely sophisticated attack against specific targeted individuals' ...