Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ionix

Exploited! SAP NetWeaver Visual Composer Unauthenticated File-Upload Vulnerability (CVE-2025-31324)

Apr 27, 2025 By Amit Sheps In IONIX
SAP has released an out-of-band patch for a critical unrestricted file-upload flaw, CVE-2025-31324, in the NetWeaver Visual Composer “Metadata Uploader.” A missing authorization check allows unauthenticated attackers to upload arbitrary files (e.g., JSP, WAR) and instantly execute code on the SAP Java stack. If left unpatched, the weakness can expose sensitive ERP data and disrupt core business workflows across finance, HR, and manufacturing systems. In this article.
Read Post
The Ultimate Guide to Resume Parsing Technology

The Ultimate Guide to Resume Parsing Technology

Apr 27, 2025 By SecuritySenses In SecuritySenses
Imagine you're a recruiter staring at hundreds of resumes piled high in your inbox. Sifting through each document to find the right candidate feels like trying to find a needle in a haystack. That's where resume parsing technology comes in. At its core, this technology automates the extraction of key information-names, contact details, work history, education, skills, and more-from unstructured documents, transforming them into structured data that's easy to search, sort, and act upon. Today, parsing is a standard feature in most Applicant Tracking Systems (ATS), speeding up hiring and reducing manual errors.
Read Post

#210 - The current cybersecurity landscape with Ian L. Paterson, CEO of Plurilock

Apr 26, 2025 By LimaCharlie In LimaCharlie
On today’s episode of The Cybersecurity Defenders Podcast we speak with Ian L. Paterson, CEO of Plurilock, about the current state of Cybersecurity. Ian is a data entrepreneur with more than 15 years of experience in leading and commercializing technology companies in the fields of data analytics and cybersecurity. Ian is the CEO of Plurilock, where he led the company’s growth and its successful listing on the TSX Venture Exchange.
View Video
indusface

How a WAF Helps You Meet Key Compliance Standards

Apr 25, 2025 By Vinugayathri Chinnasamy In Indusface
Web Application Firewalls (WAFs) have emerged as indispensable tools not only for blocking cyber threats but also for supporting compliance across various industries and jurisdictions. Whether you’re dealing with sensitive payment information, personal health records, or consumer data, a WAF can significantly simplify your compliance journey.
Read Post
Arctic Wolf

CVE-2025-31324: Maximum-Severity File Upload Vulnerability in SAP NetWeaver Exploited in the Wild

Apr 25, 2025 By Andres Ramos In Arctic Wolf
On April 24, 2025, SAP released fixes for CVE-2025-31324, a maximum-severity zero-day unrestricted file upload vulnerability in the NetWeaver Visual Composer component. Visual Composer is a tool within NetWeaver for creating applications and user interfaces. The vulnerability was discovered by ReliaQuest, which initially observed its exploitation in the wild.
Read Post
Trustwave

FBI 2024 IC3 Report: Phishing Soars, Ransomware Batters Critical Infrastructure as Cyber Losses Climb

Apr 25, 2025 By Trustwave In Trustwave
The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center issued the 25th edition of its annual report this month, again noting a jump in complaints and losses from phishing, ransomware, and data breaches among the leading cyber threats. Overall, the FBI’s 2024 IC3 reported $16.6 billion in losses, up from $12.5 billion in 2023, on 859,532 complaints received. This figure was down slightly from the 880,418 complaints received in 2023.
Read Post
knowbe4

Social Engineering Campaign Abuses Zoom to Install Malware

Apr 25, 2025 By Stu Sjouwerman In KnowBe4
A social engineering campaign is abusing Zoom's remote control feature to take control of victims’ computers and install malware, according to researchers at security firm Trail of Bits. The operation targeted Trail of Bits’ CEO, who recognized it as malicious and didn’t fall for the attack. The researchers have attributed the campaign to the ELUSIVE COMET threat actor.
Read Post
ignyte Team

Guide: What is KMI (Key Management Infrastructure)?

Apr 25, 2025 By Max Aulakh In Ignyte
One of the most critical elements of modern information security is encryption. Encryption is a complex field based solely on the arms race between people seeking secure ways to encode and encrypt data at rest and in transit and those seeking to break that encryption. Encryption is extremely commonplace. Most websites you visit use SSL, the Secure Socket Layer, which uses encryption to secure data traveling between your device and the servers hosting the website.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.