InfoSecBulletin Cybersecurity for mankind
Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks.
CVE-2025-31324 is a vulnerability that lets unauthenticated attackers upload malicious files to affected systems, risking full system compromise.
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps
Alert
40,000 + live internet cameras exposed globally !
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched
84,000+ Roundcube instances vulnerable to actively exploited flaw
CVE-2025-24016
Critical Wazuh RCE Actively Exploited by Mirai Botnets
CISA Issues Seven Advisories for Industrial Control Systems (ICS)
ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware
A severe flaw with a CVSS score of 10.0 affects the Metadata Uploader component of SAP NetWeaver Visual Composer. Discovered in April 2025 by ReliaQuest security researchers, this vulnerability has been exploited in attacks on organizations, including those with fully-patched SAP systems.
Security researchers have found that some attackers used advanced post-exploitation tools like the Brute Ratel C4 framework and evasion techniques like Heaven’s Gate to avoid endpoint protection.
“The vulnerability is particularly dangerous because it requires no authentication, is relatively straightforward to execute, requires no user interaction, and potentially gives attackers full control over the affected system,” Vahagn Vardanian of RedRays explained.
On April 24, 2025, SAP issued an emergency patch via Security Note 3594142, outside its usual schedule. Organizations should apply this patch immediately or use the temporary workaround in SAP Note 3593336 if they cannot patch right away.
Organizations using SAP systems should implement effective security monitoring and maintain regular patching schedules to reduce future threats.
Request Smuggling Vulnerability in Python’s h11 HTTP Library
