SAP has released a new batch of security updates as part of its June 2026 Security Patch Day, resolving several vulnerabilities affecting core enterprise applications and infrastructure components. Among the disclosed issues are multiple critical flaws capable of enabling unauthorized access, privilege escalation, remote attacks, and exposure of sensitive business data. Given the broad deployment of affected SAP products across enterprise environments, organizations are advised to review and deploy the latest security fixes without delay. The most severe issue addressed this month is CVE-2026-44748, an XML Signature Wrapping vulnerability affecting SAML authentication processes within SAP NetWeaver AS ABAP and ABAP Platform environments. Successful exploitation could allow manipulation of signed XML data, potentially enabling unauthorized access and misuse of identity-related information. SAP also resolved CVE-2026-27671, a flaw within the ABAP kernel that may permit memory corruption through specially crafted RFC requests, creating a pathway for system compromise without requiring valid credentials. Additional critical vulnerabilities impact SAP Commerce Cloud, SAP Data Hub, and SAP NetWeaver Java components. These include weaknesses related to Spring Security implementations, directory traversal conditions, authorization failures, and database query manipulation. Several lower-severity issues involving SQL injection, cross-site scripting, and third-party library risks were also corrected. The extensive number of affected components highlights the importance of maintaining a structured patch management program for SAP environments.
A newly observed phishing campaign is abusing trusted file formats and lightweight scripting environments to deliver commodity malware while evading traditional security tools. Att...
Cybersecurity researchers discovered a sophisticated cyber espionage campaign utilizing a newly documented malware variant named GoSerpent. Operating covertly since late 2025, the ...
Ernst & Young (EY) has disclosed a data breach caused by the compromise of a third-party IT support ticket system used by its personnel. The unauthorized access occurred between Ma...