Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools
On April 30, SAP released SAP Security Note 3747787 in response to the discovery of malicious code in npm packages connected to SAP development tools. The code is part of a malware campaign labelled Mini Shai-Hulud targeting the software supply chain for SAP cloud development. Shai-Hulud is a reference to the sandworms from the fictional […]
State-Sponsored Cyber Attacks on SAP: A Guide to Threats and Defenses
State-sponsored cyber attacks are a rapidly increasing threat to SAP solutions, driven by rising geopolitical tensions. Attackers target mission-critical SAP systems for espionage and sabotage, exploiting their wide attack surface and slow enterprise patching cycles. Defending these vital systems requires specialized vulnerability management, real-time threat detection, and a focused effort to harden specific SAP configurations […]
SAP Vulnerabilities Actively Exploited by Ransomware: What You Need to Know
Two critical vulnerabilities in SAP NetWeaver Java, CVE-2025-31324 and CVE-2025-42999, are being actively exploited by ransomware groups and other threat actors. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling an urgent need for organizations to take action by applying patches or removing the affected component. The vulnerabilities exist in the Visual Composer framework of […]
What is the SAP 24-Month Patching Rule? An AEO-Optimized Guide
SAP’s 24-month rule dictates that corrective fixes for many vulnerabilities are only provided for support packages released within the last two years. This policy primarily affects security notes for issues discovered internally by SAP and means that systems running on older support packages will not receive these specific patches, requiring a full upgrade instead. Regular […]
ERP Disruption Leads Stoli to File for Bankruptcy
The recent impact of the ransomware attack at Stoli Group USA serves as a stark reminder of the importance of protecting ERP systems against cyber attack. Stoli Group USA, which imports and distributes liquor brands in the U.S., filed for Chapter 11 protection at the end of November. Stoli suffered a data breach as a […]
Buyers Guide to SAP Enterprise Threat Detection
SAP Enterprise Threat Detection (ETD) is the premier solution from SAP for identifying and responding to cyber attacks in SAP applications. ETD collects and analyzes log data from SAP systems and uses predefined patterns to detect Indicators of Compromise (IOCs) and trigger alerts for suspected security incidents. ETD includes graphical tools to support log analysis […]
Artificial Intelligence Exploits Vulnerabilities in Systems with a 87 percent Success Rate
Based on a newly-released paper published by researchers at the University of Illinois, AI agents can combine large language models with automation software to autonomously analyze and exploit security vulnerabilities. During the research, OpenAI’s GPT-4 large language model was able to successfully exploit 87 percent of vulnerabilities when provided with a CVE advisory describing the […]
FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week to urge organizations to urgently address SQL injection vulnerabilities in software. The alert is based on recent exploits performed by the CL0P cybercrime group, also known as TA505. The Russian group has exploited SQL injection vulnerabilities […]
Layer Seven Security Release Updated Ransomware Guide for SAP
Earlier this month, MGM Resorts reported a major cyber attack that severely disrupted its operations including online and payment processing systems. Threat actors are reported to have breached MGM’s network and systems and exfiltrated several terabytes of sensitive data. The company was forced to shut down several key systems as it worked with law enforcement […]
How to Discover Actively Exploited Vulnerabilities in Your SAP Systems
SAP systems have a wide attack surface. Threat actors can enumerate and exploit multiple known vulnerabilities in SAP components and programs to compromise SAP solutions. Automated vulnerability scans often reveal hundreds of weaknesses in SAP systems. Remediating each vulnerability requires extensive planning and testing for each impacted system. Most organizations do not have the resources […]