enterprise
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch …
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)
A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several …
Cutting through CVE noise with real-world threat signals
CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall …
Commvault plugs holes in backup suite that allow remote code execution
Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. …
How security teams are putting AI to work right now
AI is moving from proof-of-concept into everyday security operations. In many SOCs, it is now used to cut down alert noise, guide analysts during investigations, and speed up …
Win-DDoS: Attackers can turn public domain controllers into DDoS agents
SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one …
From legacy to SaaS: Why complexity is the enemy of enterprise security
In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the …
Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)
“In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the …
Open-source server management platform Proxmox VE 9.0 released
Proxmox Virtual Environment (VE) 9.0 introduces advancements in both storage and networking capabilities, addressing critical enterprise demands. A highlight is the …
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987)
Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform …
What’s keeping risk leaders up at night? AI, tariffs, and cost cuts
Enterprise risk leaders are most concerned about rising tariffs and trade tensions heading into the second half of 2025, according to a new report from Gartner. The firm’s …
Secrets are leaking everywhere, and bots are to blame
Secrets like API keys, tokens, and credentials are scattered across messaging apps, spreadsheets, CI/CD logs, and even support tickets. According to Entro Security’s NHI …
Featured news
Resources
Don't miss
- TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
- CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
- Top product launches at RSAC 2026
- Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks
- AI SOC vendors are selling a future that production deployments haven’t reached yet