SAP released fixes for 15 security flaws in its June 2026 patch package, with four critical-severity vulnerabilities affecting NetWeaver and Commerce Cloud platforms.
SAP addressed the vulnerabilities through its monthly security update, prioritizing threats to two widely used enterprise systems. The critical flaws affect NetWeaver and Commerce Cloud, which support critical business operations across numerous organizations.
The four critical-severity issues pose significant risk to affected deployments. Critical vulnerabilities in enterprise software can enable unauthorized access, data breaches, or system compromise if exploited. Organizations running these platforms should prioritize applying the patches.
The remaining 11 vulnerabilities in the patch package carry lower severity ratings. SAP's phased approach to security releases allows the company to address multiple threats across its product portfolio simultaneously.
NetWeaver serves as the foundation for many SAP applications, including ERP and CRM systems used by enterprises globally. Commerce Cloud supports e-commerce operations for retail and manufacturing organizations. Both platforms process sensitive business and customer data, making security updates critical.
SAP recommends customers review the security advisory for detailed information about each vulnerability, including affected versions and mitigation steps. Organizations should test patches in non-production environments before deploying to live systems.
The company typically releases security patches on the second Tuesday of each month. This structured schedule helps organizations plan maintenance windows and allocate resources for patch management.
Regular patching remains essential for maintaining enterprise security posture. Unpatched systems present ongoing risk from both known and emerging threats. Organizations should establish processes to deploy critical and high-severity patches promptly while managing operational requirements.