200,000 Workers’ PII at Risk in WorkComposer S3 SNAFU
Don’t say ‘spyware’—21 million screenshots in one open bucket.
The post 200,000 Workers’ PII at Risk in WorkComposer S3 SNAFU appeared first on Security Boulevard.
SAP has released an out-of-band patch to address CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver that has been exploited by threat actors. Organizations are strongly encouraged to apply the patch as soon as possible.
Background

On April 22, ReliaQuest published details of their investigation of exploit activity in SAP NetWeaver servers. Initially it was unclear if their discovery was a new vulnerability or the abuse of CVE-2017-9844, a vulnerability that could lead to a denial-of-service (DoS) condition or arbitrary code execution. ReliaQuest reported their findings to SAP and on April 24, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability with the highest severity CVSS score of 10.0.
CVE             Description                                              CVSSv3  VPR
CVE-2025-31324  SAP NetWeaver Unauthenticated File Upload Vulnerability  10.0    8.1*

*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on April 25 and reflects VPR at that time.
Analysis

CVE-2025-31324 is an unauthenticated file upload vulnerability affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. Successful exploitation could allow an unauthenticated attacker to upload malicious files and use them to achieve code execution. The flaw is the result of missing authorization checks on the “/developmentserver/metadatauploader” endpoint. According to ReliaQuest, this vulnerability has been exploited in the wild as a zero-day by threat actors who have abused the flaw to upload malicious web shells to affected hosts. These web shells were used to deploy malware and establish communications with command and control (C2) servers.
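As an added defender-side example (not part of the Tenable post), the script below triages web server access logs for requests to the endpoint named above, so that hosts which may have received an upload before patching can be prioritized for investigation. The combined log format, the field names and the sample log lines are assumptions constructed for this example.

```python
import re
from typing import Iterable, List, Optional

# Endpoint identified in the advisory as lacking an authorization check.
VULNERABLE_PATH = "/developmentserver/metadatauploader"

# Apache/Nginx "combined" style access log; group names are this example's own.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_uploader_hit(rec: dict) -> bool:
    # Compare the path component only (query string stripped) and case-insensitively,
    # so requests with parameters or mixed-case paths are not missed.
    path = rec["path"].split("?", 1)[0].lower()
    return path == VULNERABLE_PATH


def find_uploader_hits(lines: Iterable[str]) -> List[dict]:
    """Return every parsed request to the vulnerable endpoint.

    POSTs the server answered with 2xx are flagged as accepted uploads and should be
    triaged first; GETs and rejected POSTs (e.g. 403 after patching or WAF blocking)
    are still reported because they show who is probing the endpoint."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_uploader_hit(rec):
            rec["accepted_upload"] = rec["method"] == "POST" and rec["status"].startswith("2")
            hits.append(rec)
    return hits


# Constructed sample log lines: the addresses, timestamps and sizes are invented.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Apr/2025:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120
198.51.100.7 - - [25/Apr/2025:10:02:15 +0000] "POST /developmentserver/metadatauploader?q=1 HTTP/1.1" 200 143
198.51.100.7 - - [25/Apr/2025:10:02:20 +0000] "GET /DevelopmentServer/MetadataUploader HTTP/1.1" 200 98
203.0.113.9 - - [25/Apr/2025:10:03:00 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 403 0
""".splitlines()

if __name__ == "__main__":
    for h in find_uploader_hits(SAMPLE_LOG):
        print(h["ts"], h["src"], h["method"], h["status"], "ACCEPTED" if h["accepted_upload"] else "")
```

Log review of this kind supplements patching rather than replacing it; a 2xx POST from an untrusted source warrants a look for newly written files under the application's web-accessible directories.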
Proof of concept

At the time this blog was published, no proof-of-concept (PoC) code had been published for CVE-2025-31324. If a public PoC exploit becomes available, we anticipate a variety of attackers will attempt to leverage this flaw in their attacks as SAP products are widely used by a variety of organizations, including government agencies.
Solution

SAP has released patches for affected versions of SAP NetWeaver. At this time, the SAP security note #3594142 is not publicly accessible, so we are unable to provide a list of affected and patched versions. It is important to note that these patches were released after SAP’s April 2025 Security Patch Day published on April 8. So even if those patches were applied, you will still need to apply the out-of-band patches released for CVE-2025-31324.
Identifying affected systems

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-31324 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.
Additionally, customers can utilize Tenable Attack Surface Management to identify public facing assets running SAP NetWeaver by using the following filters:
Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post CVE-2025-31324: Zero-Day Vulnerability in SAP NetWeaver Exploited in the Wild appeared first on Security Boulevard.
As fractious as Congress has been for the better part of a decade, it did manage to pass the Cybersecurity Information Sharing Act in 2015. And now that it’s up for renewal, it seems prudent—no, necessary—that Congress unite to okay it once again.
The post Bipartisanship Key to CISA Renewal appeared first on Security Boulevard.
Empower your MSP or MSSP with AI-driven cybersecurity. Discover how Seceon enables service providers to deliver scalable, automated threat detection and response across multi-tenant environments. Whether you’re a Managed Security Service Provider (MSSP), Managed Service Provider (MSP), enterprise IT leader, or cybersecurity analyst, adopting an AI-driven platform is no longer a competitive edge—it’s a business
The post AI-Based Cybersecurity Solutions appeared first on Seceon Inc.
The post AI-Based Cybersecurity Solutions appeared first on Security Boulevard.
From ransomware attacks disrupting school systems to phishing scams targeting student credentials, educational institutions are prime targets for cybercriminals. Cybersecurity education is critical to protecting individual students and the vast, complex systems that support their learning.
The post It’s Time to Prioritize Cybersecurity Education appeared first on Security Boulevard.
If a company as big as Bybit can lose over a billion, it points to a much deeper issue and that should alarm anyone in crypto.
The post Who’s to Blame for Bybit? appeared first on Security Boulevard.
Company Overview Aurascape is a cybersecurity startup founded in 2023 and headquartered in Santa Clara, California, USA. The company was co-founded by senior security experts and engineers from world-class technology companies such as Palo Alto Networks, Google, and Amazon. The team has deep expertise in the fields of network security, artificial intelligence, and network infrastructure, […]
The post RSAC 2025 Innovation Sandbox | Aurascape: Reconstructing the Intelligent Defense Line of AI Interactive Visibility and Native Security appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post RSAC 2025 Innovation Sandbox | Aurascape: Reconstructing the Intelligent Defense Line of AI Interactive Visibility and Native Security appeared first on Security Boulevard.
Microsoft has announced the retirement of Entra Permissions Management (formerly CloudKnox), with sales ending June 30, 2025. EPM offered valuable visibility into cloud permissions, helping teams identify overprivileged identities across AWS, Azure, and GCP. But for many organizations, that visibility came with significant manual overhead: Policy rewrites, change windows, and time-consuming investigations. As EPM sunsets, […]
The post A Smarter Alternative to Entra Permissions Management appeared first on Security Boulevard.
As cloud environments become more complex, ensuring robust security for your cloud infrastructure is no longer an option, but a necessity.
The post Cloud Infrastructure Security: Threats, Challenges & How to Protect Your Data appeared first on Security Boulevard.
Introduction As generative artificial intelligence (GenAI) and large language models (LLM) rapidly penetrate corporate operations, data leakage and privacy risks have become major challenges faced by enterprises. Knostic, a startup founded in 2023, is providing enterprises with a layer of intelligent security protection with its innovative Need-to-Know access control technology to ensure the safe deployment […]
The post RSAC 2025 Innovation Sandbox | Knostic: Reshaping the Access Control Paradigm for Enterprise AI Security appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post RSAC 2025 Innovation Sandbox | Knostic: Reshaping the Access Control Paradigm for Enterprise AI Security appeared first on Security Boulevard.
Vulnerabilities: It's not their presence but their visibility and controlled management that defines secure development.
The post Security at Arm’s Length: Why the Lag Between Detection and Action Keeps Growing appeared first on Security Boulevard.
Stay updated with the latest in Java! Discover key updates from OpenJDK, Spring Framework, and AWS, plus critical news affecting the community.
The post Java and AWS Updates, Mayor’s Budget Cuts, and Floods in Indonesia appeared first on Security Boulevard.
Discover how a backdoored Go package exploited the module mirror for 3+ years. Learn vital security practices to safeguard your code.
The post Three-Year Go Module Mirror Backdoor Exposed: Supply Chain Attack appeared first on Security Boulevard.
The post Life in the Swimlane with Nikko Warford, Regional Sales Director appeared first on AI Security Automation.
The post Life in the Swimlane with Nikko Warford, Regional Sales Director appeared first on Security Boulevard.
Why is Secrets Vaulting a Critical Component of Modern Cybersecurity? Several organizations have stepped up to embrace digital transformation, only to overlook a crucial aspect of cybersecurity- Non-Human Identities (NHIs) and Secrets Security Management. Without effective secrets vaulting, organizations are left exposed to the risk of unauthorized access and data breaches. But what makes secrets […]
The post Empowered by Better Secrets Vaulting appeared first on Entro.
The post Empowered by Better Secrets Vaulting appeared first on Security Boulevard.
What if You Could Calm Your NHI Management Concerns? Where businesses are migrating to the cloud at an astonishing pace, the security of Non-Human Identities (NHIs) and their associated secrets has become an absolutely critical concern. NHIs and their associated secrets, if not managed correctly, can significantly increase the risk of security breaches and data […]
The post Calm Your NHI Management Concerns appeared first on Entro.
The post Calm Your NHI Management Concerns appeared first on Security Boulevard.
Are Your Cybersecurity Efforts Truly Scalable? A question all organizations grapple with: is your cybersecurity infrastructure ready to adapt, evolve and scale alongside your business? Achieving scalable cybersecurity solutions forms the bedrock of data protection strategies. Not just from the viewpoint of managing the increasing volume of data, but also to combat advanced threats that […]
The post Is Your Cybersecurity Scalable Enough? appeared first on Entro.
The post Is Your Cybersecurity Scalable Enough? appeared first on Security Boulevard.
How Can We Mitigate Security Risks? Finding an answer to this pressing question is crucial. The answer often lies in focusing on enhanced data security. While organizations are transitioning to digitized platforms, protecting digital assets becomes paramount. Where does enhanced data security fit into this equation, and how can it reassure organizations about the safety […]
The post Feel Reassured with Enhanced Data Security appeared first on Entro.
The post Feel Reassured with Enhanced Data Security appeared first on Security Boulevard.
Author/Presenter: Ariana Mirian
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content, originating from the conference’s events located at the Tuscany Suites & Casino and published via the organization’s YouTube channel.
The post BSidesLV24 – Ground Truth – What Do We Learn When We Scan The Internet Every Hour? appeared first on Security Boulevard.
As enterprises brace for a new wave of stealthy intrusions — so-called Typhoon attacks — security leaders are doubling down on network intelligence that goes beyond surface-level alerts.
Related: What is NDR?
In this RSAC 2025 Fireside Chat, I sat … (more…)
The post RSAC Fireside Chat: The NDR evolution story—from open source start to kill chain clarity first appeared on The Last Watchdog.
The post RSAC Fireside Chat: The NDR evolution story—from open source start to kill chain clarity appeared first on Security Boulevard.