Security News

SAP fixed 23 vulnerabilities across roughly a dozen products on Tuesday, including a series of high-risk flaws in SAP POS and SAP Host Agent.

Version 10g of Oracle Access Manager suffers from vulnerabilities that could allow an attacker to hijack sessions.

The Katyusha Scanner can find SQL injection bugs at scale, and is managed via the Telegram messenger on any smartphone.

Microsoft releases a total of 57 security patches, part of its July Patch Tuesday, with 20 rated critical.

Microsoft today addressed two NTLM-related vulnerabilities privately disclosed by Preempt Security. The flaws allow for credential relay attacks.

Adobe only fixed six vulnerabilities in two products, making it the company's smallest security bulletin of the year.

Avanti Markets notified customers of a possible breach of personal and payment card data as well as biometric user information that likely occurred July 4.

The EFF's annual Who Has Your Back report singles out giant telecommunications providers for their prioritization of government requests for data over privacy.

Adversaries are using the SMB communications channel to launch template injection attacks against the energy sector, including nuclear facilities.

Google has put websites signed with WoSign/StartCom SSL certificates on notice that it will no longer trust certs from the Chinese CA starting in Chrome 61.