Tag: sap
-
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers >>to a limited extent
-
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers >>to a limited extent
-
Critical SAP S/4HANA Vulnerability Actively Exploited, Allowing Full System Takeover
A critical security flaw in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited by attackers, according to research from SecurityBridge. The vulnerability, which carries a CVSS score of 9.9 out of 10, allows a low-privileged user to execute code injection and gain full control of an SAP system. Organizations running SAP S/4HANA on-premise or…
-
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild.The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month.”SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the…
-
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild.The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month.”SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the…
-
Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability
Tags: access, attack, authentication, business, ciso, credentials, data, exploit, malicious, monitoring, password, programming, sans, sap, service, threat, vulnerability, zero-daydelete and insert data directly in the SAP Database;creating SAP users with SAP_ALL; download password hashes; modify business processes.”Historically, it has been difficult to apply patches to these complex systems, and many organizations will require careful (and slow) testing before the patches are deployed in production,” Johannes Ullrich, dean of research at the SANS Institute, told CSO.”ERP…
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training‘Intense pressure’ to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers.”While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times,” one…
-
So werden CRM-Systeme keine offenen Tore – SAP-Sicherheit zwischen Cloud und Chaos
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheit-in-hybriden-sap-landschaften-a-bc1c71e1d9e9373573e8ccfa152f3beb/
-
Critical SAP Vulns Under Exploitation in ‘One-Two Punch’ Attack
The vulnerabilities themselves aren’t new, but are being exploited in a novel manner that could lead to a devastating attack. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/critical-sap-vulns-under-exploitation
-
Critical SAP Vulns Under Exploitation in ‘One-Two Punch’ Attack
The vulnerabilities themselves aren’t new, but are being exploited in a novel manner that could lead to a devastating attack. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/critical-sap-vulns-under-exploitation
-
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)
A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/cve-2025-31324-cve-2025-42999-sap-netweaver-exploit-public/
-
Exploit weaponizes SAP NetWeaver bugs for full system compromise
Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations to the risk of system compromise and data theft. CVE-2025-31324 (CVSS score: 10.0) is a missing authorization check in NetWeaver’s Visual Composer…
-
Public Exploit Released for Critical SAP NetWeaver Flaw
A critical flaw in SAP NetWeaver AS Java is being widely exploited, allowing unauthenticated remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sap-netweaver-flaw-exploit-released/
-
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft.The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said.CVE-2025-31324 (CVSS score: 10.0) – Missing First seen…
-
SAP 0-Day Exploit Reportedly Leaked by ShinyHunters Hackers
A sophisticated exploit targeting critical SAP vulnerabilities has been publicly released by the notorious hacking group ShinyHunters, significantly escalating the threat landscape for enterprise SAP environments. The exploit, which chains together multiple zero-day vulnerabilities, was allegedly leaked through the >>Scattered LAPSUS$ Hunters ShinyHunters
-
Technical Details of SAP 0-Day Exploitation Script for RCE Revealed
Tags: cve, cyber, cybersecurity, endpoint, exploit, flaw, rce, remote-code-execution, sap, vulnerability, zero-dayCybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-202531324. This flaw stems from a missing authorization check on the HTTP endpoint /developmentserver/metadatauploader, enabling unauthenticated file uploads that can lead to remote code execution (RCE) under the SAP…
-
Technical Details of SAP 0-Day Exploitation Script for RCE Revealed
Tags: cve, cyber, cybersecurity, endpoint, exploit, flaw, rce, remote-code-execution, sap, vulnerability, zero-dayCybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-202531324. This flaw stems from a missing authorization check on the HTTP endpoint /developmentserver/metadatauploader, enabling unauthenticated file uploads that can lead to remote code execution (RCE) under the SAP…
-
SAP Security Patch Day Fixes 15 Flaws, Including 3 Injection Vulnerabilities
SAP released critical security updates on August 12, 2025, addressing 15 vulnerabilities across its enterprise software portfolio, with three severe code injection flaws receiving the highest CVSS scores of 9.9. The monthly Security Patch Day also included four updates to previously released security notes, highlighting the company’s ongoing commitment to protecting customer environments against evolving…
-
Gefährliche Malware ‘Auto-Color” – Linux-Backdoor über SAP-Schwachstelle eingeschleust
First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-us-chemieunternehmen-linux-backdoor-auto-color-a-dbe36842f5cd2d3bbe44c2e6384f909d/
-
Black Hat 2025: Latest news and insights
Tags: access, ai, api, attack, ciso, cloud, conference, crowdstrike, cvss, cyber, cybersecurity, data, defense, email, exploit, finance, firmware, flaw, group, hacker, hacking, identity, Internet, LLM, malicious, malware, reverse-engineering, sap, service, threat, tool, training, update, usa, vulnerability, windowsBlack Hat USAAugust 2-7, 2025Las Vegas, NVBlack Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and othersThe week kicks off on August 2 with four days of cybersecurity training courses. The courses cover a range…
-
Auto-Color Backdoor Targets U.S. Chemical Firm via CVE-2025-31324
Tags: access, backdoor, cve, cyberattack, cybersecurity, exploit, hacker, linux, malware, sap, vulnerabilityIn a three-day cyberattack this April, hackers exploited a newly disclosed SAP vulnerability to infiltrate a U.S.-based chemicals company, deploying a stealthy Linux malware known as Auto-Color backdoor. Cybersecurity firm Darktrace says the attackers gained access through a critical flaw… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/auto-color-backdoor-cve-2025-31324/
-
Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. >>In April 2025, Darktrace identified an Auto-Color backdoor malware attack…
-
Hackers Target SAP NetWeaver to Deploy New Auto-Color Linux Malware
Cybersecurity researchers at Darktrace have uncovered a sophisticated attack targeting a US-based chemicals company, marking the first observed instance of threat actors exploiting SAP NetWeaver vulnerabilities to deploy Auto-Color backdoor malware. The incident, which occurred over three days in April 2025, demonstrates an alarming evolution in cyber attack tactics combining enterprise software exploitation with advanced…
-
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025.”Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to…
-
Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/
-
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm
Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks. First seen on hackread.com Jump to article: hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
-
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/auto-color-backdoor-exploits-sap/
-
Auto-Color RAT targets SAP NetWeaver bug in an advanced cyberattack
Tags: access, ai, attack, cvss, cyberattack, cybersecurity, detection, dns, flaw, malicious, malware, network, rat, sap, update, vulnerability, zero-trustThe attack stopped in its tracks: Darktrace analysts detected the suspicious ELF download and a flurry of odd DNS and SSL connections to known malicious infrastructure. The British cybersecurity outfit claims its “Autonomous Response” intervened within minutes, restricting the device to its usual, legitimate activities while analysts investigated unusual behavior.Darktrace researchers said the malware stalled…
-
Teil 3: Shared Responsibility – Cybersicherheit für SAP: Tools & Verantwortlichkeiten
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheit-in-sap-systemen-klare-rollenverteilung-und-spezialisierte-tools-a-5b47df5a067a6bd4f8a40c854679131e/
-
Adversary Infrastructure and Indicators Behind the SAP NetWeaver 0-Day Exploitation
On the 27th of March 2025, we’ve seen a previously unknown vulnerability (now tagged as CVE-2025-31324) in SAP NetWeaver Visual Composer being exploited in the First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/07/14/adversary-infrastructure-and-indicators-behind-the-sap-netweaver-0-day-exploitation/