Ticker feed
SAP dropped 17 security patches on January 13, 2026, targeting dangerous vulnerabilities that could let attackers take complete control of enterprise systems. Four critical flaws scored up to 9.9 on the severity scale, including a SQL injection bug in S/4HANA financials (CVE-2026-0501) that lets low-level users steal financial data.
The scariest issue hits SAP's monitoring tool - unauthenticated attackers can remotely execute code just by tricking users into clicking something malicious. Two other code injection flaws in S/4HANA and Landscape Transformation scored 9.1, allowing privileged users to run malicious code remotely.
SAP urges administrators to patch the SQL injection and remote code execution vulnerabilities within 24 hours. Companies should test updates in staging environments first, focusing on S/4HANA and HANA systems that power most enterprise operations.
Source: Cyber Security News
Instagram users worldwide received unexpected password reset emails this week, sparking fears of a security breach. The company denied any system compromise, claiming it fixed an issue that allowed "an external party" to trigger legitimate password reset requests.
However, cybersecurity firm Malwarebytes contradicted Instagram's statement, alleging hackers stole data from 17.5 million accounts including usernames, addresses, and phone numbers. The firm linked the emails to an ongoing sale of Instagram user data on hacker forums, though some researchers believe it's old publicly available information from 2022.
Instagram hasn't explained who the "external party" was or how they gained this capability. Users should change passwords directly through Instagram's official app or website.
Source: BBC News
Meta fixed an Instagram vulnerability that let third parties send password reset emails to users, causing confusion across the platform. The company insists no breach occurred and accounts remain secure.
Separately, cybersecurity firm Malwarebytes warned that hackers leaked data from 17.5 million Instagram accounts, including usernames, emails, phone numbers, and addresses. However, experts clarified this isn't new data—it's from a 2022 leak that resurfaced in November 2024.
The two incidents appear unrelated despite their timing. Users can safely ignore the password reset emails.
Source: SecurityWeek
Security researchers have discovered a severe buffer overflow vulnerability in zlib's untgz utility version 1.3.1.2 that lets attackers execute malicious code through simple command-line input.
The flaw exists in the TGZfname() function, where an unbounded strcpy() call copies user-supplied archive names into a fixed 1,024-byte buffer without any length validation. Attackers can trigger memory corruption by simply providing filenames longer than 1,024 bytes as command-line arguments.
Researchers demonstrated the exploit using a 4,096-byte filename, which caused a global buffer overflow affecting memory beyond the function's scope. This makes the vulnerability particularly dangerous since the corruption persists and can influence subsequent program behavior, potentially leading to code execution.
Source: Cyber Security News
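The copy pattern described in the zlib item, next to a length-checked form, as an added example that is not zlib's code. The function names, the suffix argument and the sample inputs are constructed for illustration; only the 1,024-byte buffer and the 4,096-byte name come from the item.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 1024            /* buffer size reported in the item */

/* Pattern as described: no length check before the copy. Shown for
 * contrast only; nothing in this example calls it. */
char *copy_name_unchecked(const char *arcname)
{
    static char buffer[NAME_BUF];
    strcpy(buffer, arcname);     /* writes past buffer if strlen >= NAME_BUF */
    return buffer;
}

/* Length-checked form: refuse any name that, together with the suffix and
 * the terminating NUL, does not fit. Returns 0 on success, -1 if too long. */
int build_name(char *out, size_t outsz, const char *arcname, const char *suffix)
{
    size_t nlen = strlen(arcname);
    size_t slen = strlen(suffix);

    if (nlen >= outsz || slen >= outsz - nlen)
        return -1;               /* checked by subtraction, so no wraparound */
    memcpy(out, arcname, nlen);
    memcpy(out + nlen, suffix, slen + 1);   /* +1 copies the NUL */
    return 0;
}

/* Constructed input: a name of n 'A' bytes, run through the checked path. */
int try_long_name(size_t n)
{
    static char big[4097];
    char out[NAME_BUF];

    if (n > 4096)
        return -2;
    memset(big, 'A', n);
    big[n] = '\0';
    return build_name(out, sizeof out, big, "");
}

int main(void)
{
    char out[NAME_BUF];
    printf("short name: %d\n", build_name(out, sizeof out, "backup", ".tar.gz"));
    printf("4096-byte name: %d\n", try_long_name(4096));
    return 0;
}
```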
Cisco Talos researchers have exposed UAT-7290, a sophisticated threat group active since 2022 that's been infiltrating critical infrastructure across South Asia. The hackers deploy a custom malware toolkit including RushDrop, DriveSwitch, and SilentRaid to establish persistent access and conduct espionage operations.
The group primarily targets telecommunications providers but has recently expanded into Southeastern Europe. They use one-day exploits and SSH brute force attacks to compromise edge devices, then burrow deep into victim networks. Beyond espionage, UAT-7290 also converts infected systems into operational relay boxes that other Chinese threat actors can use.
Cisco's analysis reveals significant overlaps with known Chinese military unit PLA 69010, suggesting state-sponsored backing for these ongoing cyber operations.
Source: Industrial Cyber
European law enforcement has dealt a major blow to the Black Axe cybercrime syndicate, arresting 34 suspects across Spain in a coordinated operation. Spanish National Police, working with German authorities and Europol support, detained 28 people in Seville and others in Madrid, Málaga, and Barcelona.
The West African-originated gang generates billions annually through business email scams, romance fraud, and phishing attacks. This Spanish cell alone caused nearly €6 million in damages. Authorities froze €119,352 in bank accounts and seized €66,403 in cash during raids.
Ten Nigerian nationals were among those arrested. The operation specifically targeted Black Axe's recruitment of money mules in high-unemployment areas for laundering schemes.
Source: Infosecurity Magazine
Cybercriminals are running a sophisticated phishing campaign that tricks people searching for Fortinet VPN downloads. The attackers created fake sites that look identical to Fortinet's official portal and manipulated AI-powered search summaries to promote their malicious links.
The scam works by hosting initial content on GitHub to appear trustworthy, then redirecting users from search engines to fake Fortinet sites. These sites demand VPN credentials before allowing downloads, stealing login information while providing legitimate software to avoid suspicion.
Security researchers warn this represents a new threat where AI search tools inadvertently promote malicious content. IT teams should block domains like vpn-fortinet[.]github[.]io and fortinet-vpn[.]com, while reminding staff that real software downloads don't require credentials upfront.
Source: Cybersecurity News
The Information Commissioner's Office has told Jeremy Corbyn's Peace and Justice Project that Zarah Sultana's unauthorised launch of Your Party's membership portal in September may constitute "serious criminal activity" requiring police investigation.
The drama unfolded when Sultana sent emails to 800,000 people promoting £55 memberships without authorization. Corbyn quickly issued an "urgent message" calling the site "unauthorised" and seeking legal advice.
While the ICO declined to investigate directly, it advised referring the matter to police and fraud authorities. Sultana dismissed the concerns Friday, claiming the ICO "dropped the case" and vowing to continue building what she calls the UK's largest socialist party since the 1940s.
Source: The Guardian
Check Point researchers discovered a sophisticated investment fraud operation that uses AI to create an entirely fake reality for victims. The scam starts with SMS messages directing targets to WhatsApp groups that appear to be legitimate investment discussions. However, everything is fabricated—the financial experts, group members, trading results, and even the investment company 'OPCOPRO' are AI-generated.
Victims spend weeks interacting with fake personas before being offered access to an exclusive trading platform promising 700% returns. Beyond stealing crypto investments, scammers harvest personal documents that could enable identity theft, corporate security breaches, or future blackmail schemes. Investment fraud cost victims $6.5 billion last year, making it cybercrime's most lucrative category.
Source: Infosecurity Magazine
Jaguar Land Rover's sales crashed in the final quarter of 2024, with wholesale volumes dropping 43.3% to 59,200 vehicles. The British carmaker was hit by a devastating cyber attack in late August that forced factory shutdowns across the UK, Slovakia, Brazil, and India through September, pushing the company into a nearly £500 million quarterly loss.
Production didn't return to normal until mid-November, creating a global distribution backlog. US tariffs on JLR exports added to the pain, while retail sales fell across all markets - North America down 37.7%, Europe 26.9%, and the UK 13.3%. The company's much-hyped electric Jaguar relaunch faced online criticism, and design boss Gerry McGovern departed after defending the controversial marketing campaign.
Source: The Guardian