ZCyberNews

Articles

432 articles

CRITICAL
Vulnerabilities

SAP Patches Critical SQL Injection Flaw in Business Planning and Consolidation

SAP has patched a critical SQL injection vulnerability (CVE-2026-27681, CVSS 9.9) in its Business Planning and Consolidation and Business Warehouse applications, allowing attackers to execute arbitrary database commands.

CVE-2026-27681
4 min read

HIGH
Industry News

Unmanaged Non-Human Identities Fuel Majority of Cloud Breaches

A 2024 analysis reveals 68% of cloud breaches stem from compromised, orphaned non-human identities like service accounts and API keys, not phishing or weak passwords, highlighting a critical gap in automated credential lifecycle management.

4 min read

INFORMATIONAL
Industry News

Wireless Broadband Alliance Publishes Wi-Fi Roaming Security Guidelines

The Wireless Broadband Alliance has released new security guidelines for public Wi-Fi roaming networks, aiming to standardize authentication and encryption practices to prevent credential theft and man-in-the-middle attacks.

3 min read

HIGH
Malware

Adware Campaign Hijacks DNS to Expose Thousands of OT and Government Endpoints

A malicious adware campaign, active since at least 2023, hijacked DNS settings on over 25,000 systems to redirect traffic through attacker-controlled servers, exposing endpoints in critical OT and government networks to further compromise.

4 min read

HIGH
Malware

AgingFly Malware Targets Ukrainian Government and Hospitals

A new malware family dubbed 'AgingFly' is stealing authentication data from Chromium browsers and WhatsApp in targeted attacks against Ukrainian local government bodies and hospitals.

3 min read

MEDIUM
Industry News

Asia's Digital Supply Chain Poses Distinct Security Challenges

Asia's interconnected digital ecosystems, divergent regulatory regimes, and rapid AI adoption are creating unique and complex security risks for regional and global supply chains, according to a new analysis.

3 min read

INFORMATIONAL
Industry News

Bitdefender Unifies Endpoint and Email Security in GravityZone Platform

Bitdefender has integrated continuous email threat protection into its GravityZone platform, combining endpoint detection and response (EDR) with email security to combat phishing, BEC, and ransomware.

3 min read

CRITICAL
Vulnerabilities

Critical etcd Authentication Bypass Exposes Kubernetes Cluster Secrets

A critical authentication bypass flaw in etcd, CVE-2026-33413 (CVSS 8.8), allows unauthorized access to sensitive cluster APIs, potentially exposing secrets and configurations in Kubernetes and cloud-native environments.

CVE-2026-33413
4 min read

CRITICAL
Vulnerabilities

Critical Nginx UI Vulnerability Actively Exploited for Remote Server Takeover

Attackers are actively exploiting CVE-2026-33032, a critical flaw in the Nginx UI management tool, to execute arbitrary code and gain full control of affected web servers.

CVE-2026-33032
3 min read

HIGH
Industry News

Cryptography Experts Warn Quantum Risk Management Must Begin Immediately

Cryptography experts warn that migrating to post-quantum cryptography will take years, urging organizations to begin quantum risk management now to protect encrypted data from future 'Q-Day' harvest-now, decrypt-later attacks.

3 min read

INFORMATIONAL
Industry News

ENISA Official Warns of Fragile Global CVE Infrastructure Amid EU Regulatory

The head of ENISA's vulnerability services warns that recent CVE program funding instability exposed systemic fragility in global disclosure, as new EU regulations make coordinated disclosure a legal obligation for vendors and critical entities.

3 min read

HIGH
Malware

EssentialPlugin WordPress Suite Compromised to Deploy Backdoor on Thousands of

The EssentialPlugin suite, comprising over 30 popular WordPress plugins, has been compromised to inject a backdoor granting attackers administrative access to thousands of websites. The supply chain attack is actively being exploited.

4 min read