Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver
Remote code execution lets attackers run commands on a target system, enabling full compromise; patch exposed software and restrict privileges.
Search across headline titles and summaries.
Background for this topic.
Remote code execution (RCE) is the ability of an attacker to make a system run attacker-chosen code from a remote position, usually by exploiting a flaw in a network-facing application, service, protocol, or the processing of untrusted content. Unlike simple unauthorized access, successful RCE can run with the privileges of the affected process, enabling actions such as accessing data, changing configuration, disrupting a service, establishing persistence, or moving to other systems. Exploitability depends on factors including network reachability, authentication requirements, configuration, and whether execution is constrained.
Defenders should prioritize exposed RCE vulnerabilities in vulnerability management: inventory reachable assets, apply fixes or vendor mitigations, and restrict access or disable vulnerable functionality where patching is not immediately possible. Least privilege and service isolation limit the damage if exploitation succeeds. Secure input handling, safe deserialization, and avoiding unnecessary shell invocation reduce common attack paths. Monitoring for unusual process creation and outbound connections can support detection; suspected exploitation warrants prompt investigation, preservation of relevant logs, credential rotation where appropriate, and checks for persistence.
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver
Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution
Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges
Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. [...]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. [...]
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology