🛡️ Herramientas críticas sin parche pueden abrir acceso total a tu empresa Fortinet, Ivanti y SAP publicaron parches para fallas críticas. Estas marcas suelen estar en seguridad, movilidad, procesos administrativos y sistemas empresariales. El riesgo para cualquier negocio es que cuando falla una herramienta central, el atacante puede entrar por donde la empresa más confía. ⚠️ ¿Qué pasó? Fortinet corrigió CVE-2026-25089 en FortiSandbox. FortiSandbox analiza archivos sospechosos para detectar malware. La falla permite ejecutar comandos sin iniciar sesión. Ivanti corrigió dos fallas en Ivanti Sentry, antes MobileIron Sentry. Sentry ayuda a proteger accesos móviles y correo corporativo. La más grave, CVE-2026-10520, permite ejecución remota como root, el máximo control del sistema. También corrigió CVE-2026-10523, que permite crear cuentas administrativas sin autorización. CISA, agencia de ciberseguridad de Estados Unidos, agregó CVE-2026-10520 a su lista de fallas explotadas. SAP corrigió fallas críticas en NetWeaver, ABAP Platform, Commerce Cloud y Data Hub. SAP suele manejar procesos de negocio como finanzas, compras, logística y datos operativos. 💡 ¿Qué deben hacer? Pidan a TIC confirmar si usan FortiSandbox, Ivanti Sentry o SAP. Apliquen parches primero en sistemas expuestos a internet. Revisen cuentas administrativas nuevas o desconocidas. Cierren interfaces de administración públicas. Monitoreen comandos raros, cambios de configuración y accesos fuera de horario.

SAP fixes critical flaws in NetWeaver and Commerce Cloud bleepingcomputer.com/news/se… bleepingcomputer.com/news/se…

ثغرة حرجة في خوادم ساب تتيح للمهاجم تزوير الهوية وتجاوز المصادقة بالكامل المعرّف : CVE-2026-44748 درجة الخطورة : 9.9 (CVSS) - Critical الإصدارات المتأثرة : SAP NetWeaver AS ABAP / ABAP Platform الحل : Apply SAP Note 3746332 #CVE #SAP #CyberSecurity #CVE202644748

🔐 SAP NetWeaver AS ABAP hit with a SAML XML Signature Wrapping flaw (CVE-2026-44748, CVSS 9.9). Authenticated users can forge signed XML docs to bypass auth controls — critical scope impact across C/I/A. Patch via SAP Note 3746332. #SAP #AppSec secalerts.co/vulnerability/C…

Cuda , Suda , wuda : The real opportunity they had and have is create SAPs out of India. As the world evolves to models -> agents -> FDE to reengineer enterprises , SAP did that in the 1990s with business logic capture as rules in netweaver and made it. Platform and stickiness. These companies are inside every business in the world , understand their businesses and it’s all about sedimenting business logic into context / personalization / customized workflows. They failed because their business model is time and material and return money as dividends than platform and re-invest. Time for 4 new TCS / Wipro / Infy to emerge out of India.

Attackers can exploit critical vulnerabilities in SAP NetWeaver and SAP Commerce Cloud to gain unauthorised access and compromise affected systems. Users and administrators are advised to patch immediately. 🔗:csa.gov.sg/alerts-and-adviso…

Dutch IT Channel - @SAP patcht ernstige kwetsbaarheden in NetWeaver en Commerce Cloud dutchitchannel.nl/news/75331…

Dutch IT Channel - @SAP patcht ernstige kwetsbaarheden in NetWeaver en Commerce Cloud dutchitchannel.nl/news/75331…

SAP NetWeaver・Commerce Cloudに6月緊急パッチ。Critical 4件含む15件で、情報漏洩・メモリ破壊・サービス妨害の三拍子。基幹系を押さえるSAPだけに影響範囲が読めない。担当者は即確認を。 bleepingcomputer.com/news/se… #セキュリティ

SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, track... f.mtr.cool/kyeqxeaxfz

SAP June Patch Day: 15 security notes, 4 critical. CVE-2026-44748 (CVSS 9.9) — XML Signature Wrapping bypass in NetWeaver SAML. CVE-2026-27671 (CVSS 9.8) — unauthenticated memory corruption in ABAP RFC gateway. dailysecurityreview.com/reso… #CyberSecurity #Vulne

SAP corrige vulnerabilidades críticas en NetWeaver y Commerce Cloud blog.elhacker.net/2026/06/sa…

🔐 CVE-2026-44748: Critical XML Signature Wrapping in SAP NetWeaver (CVSS 9.9). Authenticated attacker with normal privileges can bypass SAML authentication, forge identity, and escalate privileges. 🔗 threataft.com/articles/cve-2… #CyberSecurity #CVE202644748 #SAP #NetWeaver #SAML

#SAP June Patch Day: 6 #HotNews, #CVSS 9.9 #SAML flaw in #NetWeaver. 20 patches total. #SAP #CyberSecurity #Onapsis security-storage-und-channel…

ああ、NetWeaverのバージョンも適切に記載する必要があるぞ（謎）

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. "Over the course of thre... f.mtr.cool/sopfyszgxk

ثغرات حرجة تستدعي التحرك السريع. أصدرت SAP إصلاحات لثغرات خطيرة في NetWeaver و Commerce Cloud، ما يجعل أولوية التحديث عالية للفرق الأمنية. Critical SAP flaws need fast attention. SAP has fixed severe vulnerabilities in NetWeaver and Commerce Cloud. Security teams should review exposure and prioritize patching to reduce risk. bleepingcomputer.com/news/se… #SAPSecurity #NetWeaver #CommerceCloud

ثغرات حرجة في SAP تستدعي التحرك السريع. أصدرت SAP تصحيحات لمعالجة ثغرات خطيرة في NetWeaver وCommerce، ما يجعل التحديث أولوية لتقليل مخاطر الاستغلال. Critical SAP vulnerabilities need prompt attention. SAP has released patches for severe flaws affecting NetWeaver and Commerce. Security teams should prioritize review and remediation to reduce exposure. securityweek.com/sap-patches… #SAP #NetWeaver #Cybersecurity