Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver
Stay informed on the latest exploit trends and vulnerabilities. Get expert insights and updates on information security exploits with our dedicated tag.
Search across headline titles and summaries.
Background for this topic.
An exploit is code, data, or a sequence of actions that uses a software, hardware, or configuration vulnerability to produce unintended behavior. Depending on the flaw and the attacker’s access, it may enable unauthorized code execution, privilege escalation, information disclosure, or denial of service. Exploitation can occur remotely through exposed services, web applications, or client software, or locally after an attacker gains limited access.
Exploitation matters because a vulnerability becomes an active attack path when the required conditions are reachable and exploitable. Defenders should inventory affected assets, prioritize remediation when exploitation is known or credible, apply patches or vendor mitigations, and reduce exposure through access controls, segmentation, and secure configuration. Monitoring for exploit-specific indicators—such as abnormal requests, unexpected processes, or privilege changes—supports detection; systems suspected of successful exploitation require containment and investigation for follow-on access.
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver
Also: Iberian Blackout, Delta Faces Lawsuit Linked to CrowdStrike OutageEvery week, ISMG rounds up cybersecurity incidents and breaches around the world. This week: Mirai Botnet Exploits Flaws in GeoVision, the Iberian blackout under investigation, dueling cybersecurity advisories from India and Pakistan, Delta must face a lawsuit linked to CrowdStrike outage.
Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.
Researchers spot in-the-wild exploits of Samsung MagicInfo despite recent patch
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system
Funding Will Fuel R&D Push Into Automated Remediation and Risk Prioritization ToolsWith code increasingly generated by AI and attackers using AI for exploits, OX Security raised $60 million to scale R&D and help developers prioritize critical vulnerabilities. The company aims to close detection gaps and reduce time-to-remediation in application security.
California Man Pleads Guilty to Two Felony Charges Related to Hacking Employee's PCA California man agreed to plead guilty to hacking a Disney employee's personal computer and stealing over one terabyte of confidential company data. Authorities say the man posted a malicious artificial intelligence art application online and used it to steal an employee's credentials.
Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. [...]
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild
CISO Sean Atkinson on Proactive, Integrated Approach to Hybrid Threat DefenseCenter for Internet Security CISO Sean Atkinson calls for integrated threat intelligence, stronger community collaboration, and enhanced playbooks to confront rising hybrid threats that exploit gaps across cybersecurity and physical domains.
Trellix's John Fokker Advises CISOs to Prioritize Patching, MFA, Network VisibilityThreat actors aren't rushing to adopt AI tools to exploit vulnerabilities. "They still prefer a victim with weak passwords, bad MFA, bad patching. It is the easiest way to make money for criminals so they don't have to invest in AI," said John Fokker, head of threat intelligence at Trellix.
A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. [...]
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks
It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report (DBIR) — it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse
Phosphorus Cybersecurity's Phillip Wylie on Asset Inventory, Password HygieneOrganizations inadvertently create cybersecurity gaps by trusting connected devices. Threat actors are shifting tactics to exploit IoT vulnerabilities when traditional attack vectors strengthen, said Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity.
PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more! Infosec In Brief Microsoft has decided to push its consumer customers to dump password in favor of passkeys.…