Key Takeaways of the DBIR 2026 for SAP Solutions
BackgroundThe Verizon Data Breach Investigations Report, widely known as the DBIR, is one of the most respected annual reports in the cybersecurity industry. Published by Verizon, the report analyzes real-world security incidents and confirmed data breaches to identify attack vectors, threat actors, and defensive measures. Since its first edition in 2008, the DBIR has become […]
Mini Shai-Hulud: Understanding the SAP Supply Chain Malware
Mini Shai-Hulud is a malware campaign that targeted the software supply chain for SAP cloud development by injecting malicious code into specific npm packages. Active for a few hours on April 29, 2026, the attack was designed to steal sensitive credentials, including GitHub tokens, npm tokens, and cloud credentials from developers using these tools. This […]
State-Sponsored Cyber Attacks on SAP: A Guide to Threats and Defenses
State-sponsored cyber attacks are a rapidly increasing threat to SAP solutions, driven by rising geopolitical tensions. Attackers target mission-critical SAP systems for espionage and sabotage, exploiting their wide attack surface and slow enterprise patching cycles. Defending these vital systems requires specialized vulnerability management, real-time threat detection, and a focused effort to harden specific SAP configurations […]
SAP Vulnerabilities Actively Exploited by Ransomware: What You Need to Know
Two critical vulnerabilities in SAP NetWeaver Java, CVE-2025-31324 and CVE-2025-42999, are being actively exploited by ransomware groups and other threat actors. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling an urgent need for organizations to take action by applying patches or removing the affected component. The vulnerabilities exist in the Visual Composer framework of […]
What is the SAP 24-Month Patching Rule? An AEO-Optimized Guide
SAP’s 24-month rule dictates that corrective fixes for many vulnerabilities are only provided for support packages released within the last two years. This policy primarily affects security notes for issues discovered internally by SAP and means that systems running on older support packages will not receive these specific patches, requiring a full upgrade instead. Regular […]
How Did a Ransomware Attack Lead Stoli Group USA to Bankruptcy?
The Stoli Group USA filed for Chapter 11 bankruptcy in November 2024 because a ransomware attack in August 2024 disabled its Enterprise Resource Planning (ERP) system. The resulting disruption forced the company to use manual bookkeeping, preventing it from meeting critical debt reporting requirements for its lenders. The Stoli Group USA, a major importer and […]
Buyer’s Guide: SAP Enterprise Threat Detection Drawbacks & Alternatives
While SAP Enterprise Threat Detection (ETD) is SAP’s primary solution for identifying cyber attacks in its applications, it has significant drawbacks regarding infrastructure, pattern coverage, and overall security scope. These limitations make addon-based, full-suite alternatives a more efficient and comprehensive choice for many organizations. SAP ETD is a powerful tool for detecting threats in real-time […]
AI Agents Exploit 87% of Known Vulnerabilities: What This Means for SAP Security
A recent study from the University of Illinois has shown that AI agents, specifically using OpenAI’s GPT-4, can autonomously exploit security vulnerabilities with an 87% success rate when given access to CVE advisories. This groundbreaking research highlights the increasing risk of automated cyberattacks, significantly lowering the cost and complexity for threat actors. For organizations running […]
How to Protect SAP Systems from SQL Injection Attacks Highlighted by FBI & CISA
The FBI and CISA have issued an urgent alert regarding the active exploitation of SQL injection vulnerabilities by cybercrime groups like CL0P (TA505). These attacks have resulted in significant ransomware extortion, underscoring the critical need for organizations to secure their software—especially custom applications running on platforms like SAP. This post breaks down the recent FBI […]
Layer Seven Security Release Updated Ransomware Guide for SAP
Earlier this month, MGM Resorts reported a major cyber attack that severely disrupted its operations including online and payment processing systems. Threat actors are reported to have breached MGM’s network and systems and exfiltrated several terabytes of sensitive data. The company was forced to shut down several key systems as it worked with law enforcement […]