Featured Story
China-Linked APTs Exploit SAP CVE‑2025‑31324 to Breach 581 Critical Systems Worldwide
Chinese-associated APT groups UNC5221, UNC5174, and CL‑STA‑0048 exploited CVE‑2025‑31324—an unauthenticated file upload RCE in SAP NetWeaver—to infiltrate critical infrastructure worldwide. A total of 581 NetWeaver instances were reportedly backdoored with web shells, and 800 domains are suspected of being future targets. During the investigation, a second zero-day (CVE‑2025‑42999) was discovered and patched via SAP Notes 3594142 and 3604119. Urgent patching is strongly recommended.
Other Stories
Ivanti EPMM Vulnerabilities Exploited in the Wild (CVE‑2025‑4427, CVE‑2025‑4428)
Threat actors exploited an authentication bypass (CVE‑2025‑4427) and RCE (CVE‑2025‑4428) in on‑prem Ivanti EPMM products. These zero-days affected only a small subset of customers, but CERT‑EU confirmed active exploitation. Patched versions (11.12.0.5, 12.3.0.2, 12.4.0.2, 12.5.0.1) are available.
Tracking Bugs: European Vulnerability Database Goes Live
ENISA has launched the European Vulnerability Database (EUVD), offering a unified portal for vulnerability info on software and hardware. It aggregates data from vendors, CSIRTs, and the CVE Program—and provides dashboards for critical and exploited vulnerabilities. This follows concerns over CVE Program funding stability.
Beware: Phishing Emails in the Name of Agentschap Wegen & Verkeer
Fake emails impersonating the Flemish Roads and Traffic Agency warn of an alleged road tax bill and include a link to view the document. Clicking the link could lead to fraud. Users are advised to visit the official https://www.burgerprofiel.be/ site directly if unsure.
verdacht@safeonweb.be, suspect@safeonweb.be, or suspicious@safeonweb.be. Our SOC team is ready to assist with verifications.