The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage.
The post SAP Patches Critical NetWeaver, Commerce Vulnerabilities appeared first on SecurityWeek.
CISA Announces Winners of the 2026 President’s Cup Cybersecurity Competition
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service.
The preprint, posted to arXiv on
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine.
“Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
The most recent variants of the self-propagating attacks are named Miasma and Hades.
The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek.
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort.
But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to
Will AI Kill the Bug Bounty Industry?
Anthropic’s Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a future where finding flaws is no longer the hard part.
The post Will AI Kill the Bug Bounty Industry? appeared first on SecurityWeek.
French govt messaging service breached in account hijacking attack
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government’s encrypted messaging platform. […]
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt.
You open the page, leave the tab sitting there, and it watches the drive for contention in the background.
Researchers at Graz University of Technology built it and
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks
The authentication bypass vulnerability allows attackers to establish VPN connections without a valid password.
The post Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks appeared first on SecurityWeek.