SAP News Articles

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

Earth Lamia exploited SAP NetWeaver CVE-2025-31324 to breach Asian and Brazilian orgs since 2023.

4 days ago

Ransomware groups join attacks on SAP NetWeaver

Administrators are strongly advised to update their SAP NetWeaver servers quickly or disable the Visual Composer component.

2 weeks ago

Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks

As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.

3 weeks ago

SAP Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers

The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004

3 weeks ago

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

BianLian and RansomExx Exploit SAP CVE-2025-31324 for Full Access, Deploy PipeMagic and Brute Ratel in Multi-Nation Attacks.

3 weeks ago

Ransomware gangs join ongoing SAP NetWeaver attacks

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers.

3 weeks ago

ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver

ReliaQuest has uncovered a new vulnerability in SAP NetWeaver, CVE-2025-31324, involving unauthorized file uploads and malicious execution.

3 weeks ago

SAP patches second zero-day flaw exploited in recent attacks

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day.

3 weeks ago

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

581 SAP NetWeaver instances hacked via CVE-2025-31324 + Confirmed China-nexus APT involvement + Critical infrastructure at risk.

3 weeks ago

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors - Help Net Security

A second wave of attacks against hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway.

3 weeks ago

CVE-2025-31324 exploit attempts on the rise – Global Security Mag Online

CVE-2025-31324 exploit attempts on the rise by CrowdSec

3 weeks ago

Threat Brief: CVE-2025-31324

CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cas...

3 weeks ago

Chinese hackers behind attacks targeting SAP NetWeaver servers

Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.

3 weeks ago

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

China-based hackers exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

4 weeks ago

Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability.

1 month ago

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSAC 2025 Conference RSAC 2025 Conference took place at

1 month ago

SAP confirms NetWeaver vulnerability is being actively exploited

Critical SAP vulnerability (CVE-2025-31324) actively exploited with webshells. Threat level: High/High. Install the emergency patch immediately and check systems.

SAP vulnerability | CVE-2025-31324

Security alert on the SAP NetWeaver technical platform and Stormshield cyber protection against CVE-2025-31324.

SAP NetWeaver Visual Composer Flaw Under Active Exploitation

CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) - Help Net Security

CVE-2025-31324, a critical vulnerability in SAP NetWeaver, is being actively exploited by attackers to upload malicious webshells.

SAP patches zero-day vulnerability in NetWeaver, denies exploitation

SAP has released emergency patches for a critical zero-day in NetWeaver Visual Composer that allows attackers to execute unauthenticated code.

SAP Fixes Critical Vulnerability After Evidence of Exploitation

A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

CVSS 10 SAP NetWeaver bug is under active attack

SAP NetWeaver customers are coming under widespread attack, as threat actors exploit a maximum criticality CVSS 10 vulnerability that has now been allocated  CVE-2025-31324. The vulnerability, which affects the platform’s visual composer, lets a remote and unauthenticated attacker upload malicious ...

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Threat actors exploit SAP NetWeaver flaw + zero-day suspected + CVE-2025-31324 enables file uploads.

Critical SAP NetWeaver Vulnerability (CVE-2025-31324) Fixed: Actively Exploited in the Wild

Critical SAP NetWeaver vulnerability (CVE-2025-31324) with CVSS 10.0 allows remote code execution via file upload. Patch immediately - active exploits detected in the wild.

SAP Zero-Day Possibly Exploited by Initial Access Broker

A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

Critical SAP NetWeaver Flaws Let Hackers Gain System Access

SAP has released its January 2025 Security Patch Day updates, addressing 14 new vulnerabilities, including two critical flaws in SAP NetWeaver that could allow attackers to gain unauthorized access to affected systems. The most severe vulnerability, CVE-2025-0070, is an improper authentication issue...

SAP Update: Patches Fix Critical Flaws For Businesses

This month's SAP update addresses critical flaws that could allow attackers to bypass authentication and gain complete control of affected systems.

CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION - Cloud WAF

CVE-2023-27497 : Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent.

CVE-2024-39592 : SAP PDCE S4CORE 102 UP TO S4COREOP 107 AUTHORIZATION - Cloud WAF

CVE-2024-39592 : Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover - Malware News - Malware Analysis, News and Indicators

SAP Security Patch Day May 2024: Critical CVE-2024-33006 Vulnerability Could Lead to System Takeover On May 14, 2024, SAP delivered its monthly security updates, which included 14 new Security Notes alongside updates to …

CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY - Cloud WAF

CVE-2024-27899 : Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer.