< ciso brief />

All news with #sap tag

33 articles

Critical Patches for Ivanti, Fortinet, SAP, VMware, n8n

🔒 Ivanti, Fortinet, SAP, VMware, n8n and dozens of other vendors have released security updates addressing multiple high- and critical-severity flaws that enable authentication bypass, information disclosure, local privilege escalation, and remote code execution. Highlights include a critical external-control-of-file-name flaw in Ivanti Xtraction (CVE-2026-8043), Fortinet authentication and sandbox code-execution bugs, SAP SQL injection and missing authentication-check issues, and a TOCTOU local privilege escalation in VMware Fusion. Administrators should apply the vendor-recommended patches immediately.
read more →

SAP SAPPHIRE 2026: Google Cloud AI Agents and Data

🔔 At SAP SAPPHIRE, Google Cloud and SAP introduced a Unified Data Foundation to connect SAP business data directly into BigQuery and enable agentic AI workflows. Announcements include general availability of BDC Connect for BigQuery with zero-copy access, new 48 TB X5 memory-optimized instances, a SecNumCloud-qualified Sovereign Cloud with S3NS, and Google SecOps for SAP in preview. The new Cortex Framework preview aims to accelerate building agentic solutions while maintaining enterprise governance and reducing data movement.
read more →

Microsoft and SAP Advance Enterprise AI on Azure, Sapphire

🚀 At SAP Sapphire 2026, Microsoft and SAP announced expanded integrations to embed AI across SAP applications on Azure, emphasizing Microsoft IQ as a shared intelligence layer and agent-to-agent capabilities between Copilot and Joule. The updates include bi-directional, zero-copy delta sharing between SAP Business Data Cloud and Microsoft Fabric, sovereign cloud expansions, and an enlarged RISE with SAP acceleration program. These developments aim to move enterprises from experimentation to production-ready, governed AI at scale.
read more →

SAP May 2026 Fixes Critical Flaws in Commerce Cloud

🔒 SAP released its May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws affecting Commerce Cloud and S/4HANA. The most severe (CVE-2026-34263) is a missing authentication check in Commerce Cloud, caused by an improper Spring Security configuration, that can allow unauthenticated remote code execution. The other critical flaw (CVE-2026-34260) permits low-complexity SQL injection by an attacker holding only basic privileges, risking sensitive data exposure and service crashes. SAP also patched one high- and 11 medium-severity issues and reports no evidence of in-the-wild exploitation to date.
read more →

AWS Expands EC2 X8i Instances to Dublin and Mumbai

🖥️ Amazon has launched EC2 X8i instances in Europe (Ireland) and Asia Pacific (Mumbai), powered by AWS-exclusive Intel Xeon 6 processors and certified for SAP workloads. These memory-optimized instances deliver up to 1.5x more memory (up to 6 TB), 3.3x greater memory bandwidth, and up to 43% higher performance than the previous X2i generation. Offered in 14 sizes from large to 96xlarge, including two bare-metal options, X8i targets SAP HANA, large databases, data analytics, and EDA, and is available through Savings Plans, On-Demand, or Spot.
read more →

Supply Chain npm Attack Targets SAP Developer Tools

🔒 A supply-chain campaign dubbed "mini Shai-Hulud" infected SAP-related npm packages in late April, inserting install-time malware that harvested developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud credentials across AWS, Azure, GCP and Kubernetes. Researchers identified affected packages including mbt@1.2.48 and several @cap-js modules. The malicious releases were later replaced with safe versions.
read more →

SAP npm Packages Compromised in Credential-Stealing Attack

🔒 Multiple official SAP npm packages were recently compromised in a supply-chain operation that runs a malicious preinstall script during package installation. The script downloads the Bun runtime and executes an obfuscated payload that harvests a wide range of secrets, including npm and GitHub tokens, SSH keys, cloud credentials, Kubernetes configs, and CI/CD environment variables, and exfiltrates them to public GitHub repositories. Researchers attribute the campaign with medium confidence to TeamPCP and warn that it includes self-propagation logic that uses the stolen credentials to modify other packages.
read more →

Supply-Chain Attack Targets SAP-Related npm Packages

⚠️ Researchers have uncovered a supply-chain campaign dubbed "mini Shai-Hulud" that poisoned multiple SAP-related npm packages to install credential-stealing malware during installation. The malicious releases added a preinstall hook that fetched and executed a platform-specific Bun binary, harvesting local credentials, GitHub and npm tokens, CI secrets, and cloud credentials. Analysts from Aikido Security, SafeDep, Socket, StepSecurity and Wiz advise rotating tokens, inspecting workflows, and upgrading to patched releases.
read more →

April Patch Tuesday: Critical Flaws in SAP, Adobe, Microsoft

🔒 April's Patch Tuesday addresses critical vulnerabilities across major vendors. Patches fix a near-critical SQL injection in SAP (CVE-2026-27681) that enables execution of arbitrary database commands, an actively exploited RCE in Adobe Acrobat Reader (CVE-2026-34621), and numerous high-severity Microsoft, Fortinet, and ColdFusion issues. FortiSandbox fixes close authentication-bypass and command-injection holes, while Adobe's ColdFusion updates remediate multiple code-execution and path-traversal flaws. Organizations should prioritize vendor updates and apply the published mitigations where immediate patching is not possible.
read more →

April Patch Tuesday: Windows, SharePoint, SAP Fixes

🔒 Microsoft's April Patch Tuesday addresses 167 vulnerabilities, including an actively exploited SharePoint Server zero-day and a critical Windows IKE remote code execution bug. Administrators should prioritize CVE-2026-32201 in SharePoint and CVE-2026-33824 (CVSS 9.8) in the Windows IKE service. Temporary mitigations, such as blocking UDP ports 500/4500 at the perimeter or restricting IKE traffic to known peers, reduce risk but do not replace patching. Teams must also apply critical SAP fixes and validate Microsoft Defender and Active Directory protections.
read more →

SAP Concur Automates Expense Reporting with Agentic AI

🤖 SAP Concur and Google Cloud modernized expense automation by upgrading ExpenseIt from OCR-first processing to an agentic AI workflow that reasons about missing data. The system combines a deterministic text-extraction core with a Gemini-powered Receipt Analysis Agent that is invoked only for ambiguous receipts. Using routing, contextual reasoning, and tool access to travel and calendar data, the agent infers missing fields and completes entries, reducing manual corrections and speeding expense submission.
read more →

Dozens of Vendors Patch Critical and High-Risk Flaws

🔒 SAP, Microsoft, Adobe and many other vendors released patches this month for multiple critical and high-risk vulnerabilities, including remote code execution and authentication bypasses. SAP addressed two critical flaws: CVE-2019-17571 (a deserialization bug in the SocketServer of the bundled Log4j 1.2.17, CVSS 9.8) and CVE-2026-27685 (insecure deserialization, CVSS 9.1), while Microsoft and Adobe shipped fixes for dozens more. Hewlett Packard Enterprise patched an Aruba AOS-CX authentication bypass (CVE-2026-23813, CVSS 9.8). Organizations should prioritize fixes for RCE, insecure deserialization, and authentication-bypass issues on Internet-facing and management interfaces.
read more →

Over 60 Vendors Issue Security Patches Across Platforms

🔒 It's Patch Tuesday: more than 60 software vendors released security updates addressing flaws across OS, cloud, and networking platforms. Microsoft fixed 59 vulnerabilities, including six actively exploited zero-days that can bypass security features, escalate privileges, or cause denial of service. SAP patched two critical bugs, a SQL injection in CRM and S/4HANA (CVE-2026-0488, CVSS 9.9) and a missing authorization check in NetWeaver ABAP (CVE-2026-0509, CVSS 9.6), whose fixes may require kernel updates and role or UCON adjustments. Intel and Google also disclosed five vulnerabilities in Intel TDX 1.5 together with numerous hardening recommendations; Adobe released multiple product updates with no known in-the-wild exploitation reported.
read more →

State-Linked 'Shadow Campaigns' Target 155 Countries

πŸ•΅οΈβ€β™‚οΈ Palo Alto Networks' Unit 42 reports a state-sponsored threat actor tracked as TGR-STA-1030/UNC6619 has run global-scale "Shadow Campaigns," compromising at least 70 government and critical infrastructure organizations across 37 countries and conducting reconnaissance tied to 155 countries. The actor has been active since at least January 2024 and is assessed to operate from Asia. Initial access combined tailored phishing lures hosted on Mega.nz with exploitation of known flaws in SAP Solution Manager, Microsoft Exchange, D-Link, and Windows to deploy loaders such as Diaoyu. Victim environments were instrumented with Cobalt Strike, webshells, tunneling tools, and a bespoke Linux eBPF rootkit named ShadowGuard to hide activity and evade detection.
read more β†’

Rise of the Chief Trust Officer: Where CISOs Fit In

🔒 The Chief Trust Officer (CTrO) marks a shift from defending systems to safeguarding corporate credibility, responding to eroded customer confidence after breaches and AI concerns. Early adopters such as Atlassian, Salesforce and SAP, and analyst research from Forrester, show the role consolidates privacy, security, compliance and ethics. Unlike a traditional CISO, the CTrO focuses on reputation, transparency and customer trust while partnering with security teams to operationalize measurable signals of trust. Success depends on board visibility, leadership backing and demonstrable behavior change.
read more →

Fortinet, Ivanti, and SAP Release Emergency Patches

πŸ” Fortinet, Ivanti, and SAP have released urgent patches to address high-severity authentication and code-execution flaws affecting FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, Ivanti Endpoint Manager, and multiple SAP products. Fortinet's issues (CVE-2025-59718, CVE-2025-59719; CVSS 9.8) can allow FortiCloud SSO bypass via crafted SAML messages when that feature is enabled. Ivanti patched a stored XSS (CVE-2025-10573; CVSS 9.6) and additional bugs that could lead to remote code execution, while SAP's update remedies three critical flaws including a 9.9 CVSS code injection. Administrators are urged to apply vendor updates or temporarily disable affected features until systems are patched.
read more β†’

SAP patches three critical vulnerabilities in December

🔒 SAP released December security updates fixing 14 vulnerabilities across multiple products, including three critical flaws that could enable remote code execution and full system compromise. The most severe, CVE-2025-42880 (CVSS 9.9), is a code-injection issue in SAP Solution Manager ST 720. An Apache Tomcat flaw bundled into SAP Commerce Cloud is tracked as CVE-2025-55754 (CVSS 9.6), and CVE-2025-42928 (CVSS 9.1) is a deserialization bug in SAP jConnect. Administrators are urged to deploy the fixes without delay.
read more →

AWS Glue zero-ETL now supports CloudFormation & CDK

🚀 AWS Glue zero-ETL integrations now support AWS CloudFormation and the AWS Cloud Development Kit (CDK), enabling creation and management of zero-ETL integrations as infrastructure as code. This lets teams ingest data from DynamoDB and enterprise SaaS sources (Salesforce, ServiceNow, SAP, Zendesk) into Amazon Redshift, S3, and S3 Tables. CloudFormation and CDK support makes it easier to deploy, update, and version-control zero-ETL configurations consistently across multiple AWS accounts.
read more →

AWS Introduces E-Invoice Delivery for Ariba, Coupa

📥 AWS announced general availability of its new E-Invoice delivery capability, which lets customers connect their SAP Ariba and Coupa procurement portals to AWS to retrieve purchase orders and deliver PO-matched invoices back the same day. Customers onboard through the AWS Billing and Cost Management console and can track invoice delivery status in both systems. The feature is available in all AWS Regions except GovCloud (US) and the China regions. It streamlines invoice processing and reduces manual reconciliation.
read more →

SAP patches critical hardcoded credentials in SQL Anywhere

🔒 SAP released November security updates addressing a maximum-severity (CVSS 10.0) hardcoded-credentials flaw in the non-GUI component of SQL Anywhere Monitor (CVE-2025-42890) and a critical code-injection issue in SAP Solution Manager (CVE-2025-42887). The embedded credentials could allow an attacker to reach administrative functions and potentially execute arbitrary code. Administrators should apply the updates and follow SAP's mitigation guidance promptly.
read more →