News from our Cybersecurity Expert Center

Connect with us at infocyber@minsait.com

We bring you the latest news and alerts detected by Cybersecurity

Cybersecurity

 

French foreign ministry blames Russian group APT28 for attacking a dozen entities over the past four years

 

cert.ssi.gouv.fr

 

Phishing email campaign by new actor TA2900 targets French and Canadian users to steal bank details

 

proofpoint.com

 

 

 

Vulnerabilities

 

Vulnerabilities in Apple AirPlay protocol and SDK expose unpatched devices to multiple types of attacks

 

  oligo.security

 

Cybercriminals are actively exploiting Broadcom and Commvault code injection vulnerabilities (CVE-2025-1976 and CVE-2025-3928).

 

thehackernews.com

Malware

 

Phishing mail campaign exploits vulnerability in MS Equation Editor (CVE-2017-11882) to distribute XLoader infostealer

 

  asec.ahnlab.com

 

New ransomware campaign deploys LockBit via the Phorpiex botnet that delivers and executes it automatically

 

  infosecurity-magazine.com

 

Latest threats detected

SAP fixes a top criticality vulnerability in NetWeaver (CVE-2025-31324)

05/05/2025

Executive summary

 

The vendor patches an RCE vulnerability in NetWeaver Visual Composer that allows malicious files to be uploaded and executed without prior authentication.

Data

Type: Hacking
TLP: White
Targets: SAP NetWeaver Visual Composer
Affected assets: SAP
Attack vector: Vulnerability
Tags: 0-day, CVE-2025-31324, NetWeaver Visual Composer, NetWeaver, SAP

 

Description

 

SAP is releasing security updates to fix a remote code execution vulnerability, identified as CVE-2025-31324, with maximum severity (CVSS 10.0) in NetWeaver Visual Composer, which is being actively exploited by cybercriminals.

 

The vulnerability specifically affects the developmentserver/metadatauploader endpoint in the NetWeaver environment. It lets unknown attackers upload malicious JSP-based webshells to the servlet_jsp/irj/root/ path, giving them persistent remote access and a way to deliver additional payloads. Because this is a publicly accessible directory that handles web requests involving JSPs and servlets, multiple clients have been compromised.

 

This exploitation could be linked to a known NetWeaver vulnerability (CVE-2017-12637), which threat actors are leveraging in combination with a mix of other techniques to maximise their impact.

 

Recommendations

 

Protection

 

  • Keep the system updated with the latest security patches, both for the operating system and for all installed software.
  • Do not download illegal software or software that is not authorised by security policies, as it could contain malware.
  • Restrict the use of P2P networks.
  • Avoid using the ‘Administrator’ user for general use of the system and installed software.
  • Pay attention when surfing the Internet and avoid downloading files that are of dubious origin or that offer fake security solutions.
  • It is recommended to use JavaScript blockers in browsers to avoid the execution of scripts that could damage your computer.
  • Display the extensions for known file types, in order to identify possible executable files that could be passed off as another type of file.
  • Apply the patches provided by the manufacturer.

 

Detection

 

  • Have an EDR with proactive detection capability and always keep it up to date.
  • Scan the network with the IoCs included in this threat.
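
As an added example (not SAP's or Minsait's code), the following log triage looks for the two request patterns the description implies: POSTs to the developmentserver/metadatauploader endpoint and successful requests for JSP files served from the portal root. It assumes a common-log-format access log and that files in servlet_jsp/irj/root/ are reachable under the /irj/ URL prefix; the sample lines and the file name in them are constructed.

```python
import re

# Assumed layout: common log format. Adjust to what your instance writes.
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOAD_ENDPOINT = "/developmentserver/metadatauploader"  # named in the advisory
# Assumption: servlet_jsp/irj/root/ is served under the /irj/ URL prefix.
JSP_UNDER_IRJ = re.compile(r"^/irj/.+\.jsp(;.*)?$", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up file name).
SAMPLE_LOG = """
198.51.100.7 - - [05/May/2025:10:01:12 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 120
198.51.100.7 - - [05/May/2025:10:01:15 +0000] "GET /irj/example_dropped.jsp HTTP/1.1" 200 45
192.0.2.10 - - [05/May/2025:10:02:00 +0000] "GET /irj/portal HTTP/1.1" 200 5120
192.0.2.44 - - [05/May/2025:10:03:30 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 403 0
"""


def triage(log_text):
    """Return (uploads, jsp_requests) found in the access log text.

    uploads:      (timestamp, source, status) for each POST to the endpoint
    jsp_requests: (timestamp, source, path, followed_upload) for each
                  200-status JSP request under /irj/; followed_upload is True
                  when the same source earlier got a 2xx from the endpoint.
    """
    uploads, jsp_requests, accepted = [], [], set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        src, status = m["src"], int(m["status"])
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["method"] == "POST" and path.lower().rstrip("/").endswith(UPLOAD_ENDPOINT):
            uploads.append((m["ts"], src, status))
            if 200 <= status < 300:
                accepted.add(src)  # the server accepted this POST
        elif status == 200 and JSP_UNDER_IRJ.match(path):
            jsp_requests.append((m["ts"], src, path, src in accepted))
    return uploads, jsp_requests


if __name__ == "__main__":
    found_uploads, found_jsps = triage(SAMPLE_LOG)
    for entry in found_uploads:
        print("upload POST:", entry)
    for entry in found_jsps:
        print("JSP request:", entry)
```

Any JSP path this reports should be compared with the files actually present in servlet_jsp/irj/root/ on the host, since log rotation can hide the original upload request.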

 

Mitigation

 

  • N/A

 

Reference

 

hxxps://support[.]sap[.]com/en/my-support/knowledge-base/security-notesnews/april-2025[.]html

We promote the transformation of business and society through innovative solutions and services, putting people at the center.

 

 

minsait.com

Indra is one of the leading global technology and consulting companies: the technology partner for key operations of client businesses worldwide.

 

indracompany.com
