CyberSecurity news

FlagThis

Ddos@securityonline.info //

Chinese Hackers Exploit SAP Zero-Day, Deploy SuperShell

Original img attribution: https://securityonline.info/wp-content/uploads/2025/02/hacked.jpg
ImgSrc: securityonline.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • onapsis.com: Onapsis and Mandiant: Latest Intelligence on Critical SAP Zero-Day Vulnerability (CVE-2025-31324)
  • securityaffairs.com: Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324
  • MSSP feed for Latest: Second Wave of Attacks Targets SAP NetWeaver
  • The Hacker News: Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.
  • BleepingComputer: Chinese hackers behind attacks targeting SAP NetWeaver servers
  • www.scworld.com: Remote code execution possible of SAP NetWeaver Visual Composer flaw rated 10.0.
  • The DefendOps Diaries: Understanding the CVE-2025-31324 Vulnerability in SAP NetWeaver Servers
  • www.bleepingcomputer.com: Chinese hackers behind attacks targeting SAP NetWeaver servers
  • Talkback Resources: A threat actor linked to China is exploiting a critical SAP NetWeaver vulnerability (CVE-2025-31324) for remote code execution, targeting multiple industries globally, prompting the need for prompt patching and enhanced security measures.
  • Unit 42: CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry.
  • unit42.paloaltonetworks.com: CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. The post appeared first on .
  • bsky.app: Forescout Vedere Labs security researchers have linked ongoing attacks targeting a maximum severity vulnerability impacting SAP NetWeaver instances to a Chinese threat actor.
  • cyberpress.org: Chinese Hackers Leverage SAP RCE Vulnerability to Install Supershell Backdoors
  • the420.in: Chinese Hackers Target SAP Systems in Global Cyber Campaign
  • malware.news: SAP NetWeaver bug exploited since January, allows RCE
  • fortiguard.fortinet.com: A zero-day SAP vulnerability, CVE-2025-31324, with CVSS score of 10.0 is being actively exploited in the wild. This vulnerability affects SAP Visual Composer, allowing unauthenticated threat actors to upload arbitrary files, resulting in full compromise of the targeted system that could significantly affect the confidentiality, integrity, and availability of the targeted system.
  • securityonline.info: From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver
  • securityonline.info: From Web Shell to Full Control: APT-Style Exploits Surge Against SAP NetWeaver
  • Cyber Security News: A critical deserialization vulnerability, CVE-2025-31324, affecting SAP NetWeaver Visual Composer 7.x, is being actively exploited in the wild, according to recent research by Forescout.
  • The420.in: Details the exploitation of CVE-2025-31324 by a Chinese threat group, Chaya_004.
  • Onapsis: Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)
  • The DefendOps Diaries: Understanding the Critical SAP NetWeaver Vulnerabilities and Their Impact
  • The Hacker News: China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
  • EclecticIQ Blog: EclecticIQ analysts report that in April 2025, China-nexus APTs exploited SAP NetWeaver vulnerabilities to target critical infrastructures globally.
  • securebulletin.com: China-Linked APTs exploit critical SAP NetWeaver vulnerability to breach over 580 systems globally
  • cyberpress.org: EclecticIQ analysts have confirmed with high confidence that multiple China-nexus advanced persistent threat (APT) groups exploited a critical zero-day vulnerability in SAP NetWeaver Visual Composer, tracked as CVE-2025-31324, to breach critical infrastructure and enterprise networks globally.
  • Onapsis: Onapsis and Mandiant: Latest Intelligence on Critical SAP Zero-Day Vulnerability (CVE-2025-31324)
  • The DefendOps Diaries: Understanding the Threat: CVE-2025-31324 and Its Impact on SAP NetWeaver
  • Secure Bulletin: China-Linked APTs exploit critical SAP NetWeaver vulnerability to breach over 580 systems globally
  • www.techradar.com: SAP patches recently exploited zero-day in wake of NetWeaver server attacks
  • arcticwolf.com: Follow-up: Second Zero-Day Vulnerability Impacting SAP Netweaver Exploited in the Wild (CVE-2025-42999)
  • onapsis.com: Threat Briefing Report: Critical SAP Vulnerabilities (CVE-2025-31324 and CVE-2025-42999) Under Active Mass Exploitation
  • Blog: Second zero-day in SAP NetWeaver actively exploited
  • www.techradar.com: SAP NetWeaver woes worsen as ransomware gangs join the attack
  • The Hacker News: China-Linked APTs Exploit SAP CVE-2025-31324 to Deploy PipeMagic Trojan
  • socprime.com: Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure
  • Onapsis: Threat Briefing Report: Critical SAP Vulnerabilities (CVE-2025-31324 and CVE-2025-42999) Under Active Mass Exploitation
  • SOC Prime Blog: Detect CVE-2025-31324 Exploitation by Chinese APT Groups Targeting Critical Infrastructure
Classification: