VulnHub

Real-time Cybersecurity News

SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities

SecurityWeek
PatchUpdateCritical

Overview

SAP has issued 26 new security notes along with one updated note addressing vulnerabilities in several of its products, including CRM, S/4HANA, and NetWeaver. This update was released on February 2026's security patch day, indicating that these vulnerabilities could pose significant risks to organizations using these systems. Companies that rely on SAP solutions should prioritize applying these patches to protect against potential exploitation. The vulnerabilities could allow attackers to gain unauthorized access or disrupt services, which can have serious consequences for businesses. It's crucial for SAP users to stay informed and act promptly to safeguard their systems.

Key Takeaways

  • Affected Systems: SAP CRM, SAP S/4HANA, SAP NetWeaver
  • Action Required: Apply the 26 new security notes and the updated note released by SAP.
  • Timeline: Newly disclosed

Original Article Summary

SAP has released 26 new and one updated security notes on February 2026 security patch day. The post SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities appeared first on SecurityWeek.

Impact

SAP CRM, SAP S/4HANA, SAP NetWeaver

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Apply the 26 new security notes and the updated note released by SAP.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Patch, Update, Critical.

Read Original Article

Related Coverage

Idoru, Singapore, Gambling, Smartertools, Ivanti, ZeroDayRat, Twiki, Aaran Leyland... - SWN #554

SCM feed for Latest

A recent cybersecurity incident has raised concerns involving multiple companies, including Ivanti and SmarterTools. Researchers discovered a malware strain named ZeroDayRat that targets users of certain gambling platforms in Singapore. This malware is designed to steal sensitive data, potentially impacting users' personal and financial information. The incident is particularly alarming as it highlights the risks associated with online gambling and the importance of securing personal data against such threats. Users are advised to remain vigilant and ensure their devices are protected against this evolving malware.

Feb 10, 2026

In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'

darkreading

The article discusses the threat posed by a malware known as ZeroDayRAT, which has been identified as a form of stalkerware. This malware can bypass multi-factor authentication (MFA) by gaining access to users' SIM cards, location data, and recent text messages. With this information, attackers can take over accounts or conduct targeted social engineering attacks. The implications are serious, as individuals' privacy and security can be compromised, leading to potential identity theft or harassment. Users need to be vigilant about their mobile security and consider additional protective measures to safeguard their information.

Feb 10, 2026

European Commission hit by cyberattack linked to Ivanti software flaws

SCM feed for Latest

The European Commission recently experienced a cyberattack that took advantage of two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allowed attackers to potentially compromise sensitive information and systems within the Commission. As a key institution in the EU, any breach could have significant implications for data security and operational integrity. The exploitation of these flaws underscores the urgent need for organizations using Ivanti EPMM to assess their security measures and apply necessary updates promptly. This incident serves as a reminder of the ongoing risks associated with unpatched software vulnerabilities.

Feb 10, 2026

Compilers undermine cryptographic software security

SCM feed for Latest

Researchers have identified vulnerabilities in compilers, particularly GCC, that can compromise the security of cryptographic software. The issue arises from how these compilers optimize code, potentially undoing constant-time implementations that are designed to prevent timing attacks. Timing attacks allow attackers to infer sensitive information, like passwords, based on how long it takes a system to respond to requests. This is a significant concern for developers of cryptographic software who rely on constant-time operations to secure user data. Companies that use GCC for their software development should be aware of these vulnerabilities and consider reviewing their code to ensure it remains secure against timing analysis attacks.

Feb 10, 2026

Photo identification apps leak sensitive data of 152,000 users

SCM feed for Latest

A recent security incident has exposed sensitive data of about 152,000 users of various photo identification apps. Researchers from Cybernews discovered that the breaches were due to misconfigured Firebase instances within these applications. The lack of proper authentication and access controls left their databases vulnerable and open to unauthorized access. This incident raises significant concerns about user privacy and the safety of personal information, as such data breaches can lead to identity theft and other malicious activities. Users of these apps should be aware of the risks and take steps to secure their information.

Feb 10, 2026

Critical vulnerability in BeyondTrust software requires urgent patching

SCM feed for Latest

A newly discovered vulnerability, identified as CVE-2026-1731, poses a serious risk to users of BeyondTrust software. This flaw allows for remote code execution without the need for user interaction, meaning that attackers could exploit it through relatively straightforward methods. Organizations using BeyondTrust products should take this threat seriously as it could lead to unauthorized access and control over their systems. Timely patching is crucial to mitigate the risks associated with this vulnerability, especially since it can be exploited before any authentication takes place. Users are advised to check for updates and apply any available patches immediately to protect their systems from potential attacks.

Feb 10, 2026