10.09.2025

The Hacker News 10.09.2025 01:08
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts.
The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of

The Hacker News 10.09.2025 01:03
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files.
The vulnerabilities are listed below –

CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious

CSO Online 10.09.2025 00:08
CISOs with SAP NetWeaver AS Java servers in their environments should make sure admins patch two highly critical vulnerabilities as soon as possible.
They are among the most important of the monthly Patch Tuesday fixes issued today by a number of vendors.

Krebs Security 09.09.2025 21:21
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

Heise Security 09.09.2025 15:14
Digitale Dienste, Over-the-Air-Updates, KI und vernetzte Steuergeräte prägen Fahrzeugarchitekturen, weiß das BSI. Hersteller und Ausrüster müssten vorsorgen.

Heise Security 09.09.2025 13:44
SAP Netweaver stolpert über unsichere Deserialisierung und Dateioperationen. Vier Lücken haben höchste Priorität, eine mit kritischer Höchstwertung.