FireCompass Raises $20 Million for Offensive Security Platform
The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale.
The post FireCompass Raises $20 Million for Offensive Security Platform appeared first on SecurityWeek.
In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked
Noteworthy stories that might have slipped under the radar: Google fined €325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone targeted in cyberattack.
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month.
“SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module
North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks
The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure.
More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach
Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesforce instances.
Recent SAP S/4HANA Vulnerability Exploited in Attacks
A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild.
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a
Hackers exploited Sitecore zero-day flaw to deploy backdoors
Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
NotDoor “is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word,” S2 Grupo’s LAB52 threat intelligence team said. “When such an email is
