SAP Patchday: Critical vulnerabilities in SAP NetWeaver and other weaknesses

For the June patch day, SAP is addressing 15 new vulnerabilities in several products. Three critical ones affect NetWeaver.
SDxCentral

Broadcom injects security updates into Spring, Java ecosystems

Broadcom rolled out security updates to the Spring and Java ecosystems tied to helping organizations navigate a surge in ...
InfoWorld

Broadcom beefs up Spring security to protect against AI-enabled attacks

Both the Spring Java community and users buying commercial support from Broadcom Tanzu will benefit, but paid users get extra ...

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...

Microsoft took OpenClaw, wrapped it in enterprise security, and called it Scout

A few days after Google introduced its OpenClaw-based AI agent with Spark, Microsoft is now doing the same with Scout. The ...
Bleeping Computer

CISA flags two-year-old Oracle flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched ...
ITWeb

Cloud-native, done for the enterprise – not the demo

Containers and micro-services are not the hard part. Making them work alongside the core systems that already run your ...

DeepSWE blows up the AI coding leaderboard, crowns GPT-5.5, and finds Claude Opus exploiting a benchmark loophole

DeepSWE puts GPT-5.5 atop the AI coding leaderboard while raising new questions about Claude Opus, SWE-Bench Pro, and ...
Space Coast Daily

The Most Expensive Java Bugs in History: Vulnerabilities That Shook the Industry

Java has powered the world's most critical software for nearly three decades — from banking platforms and healthcare systems to enterprise applications and Android apps.