
Shaarli Daily

All links of one day on a single page.

Today - April 25, 2025

SAP fixes suspected Netweaver zero-day exploited in attacks

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

Largest telecom in Africa warns of cyber incident exposing customer data | The Record from Recorded Future News

MTN Group said an “unknown third-party has claimed to have accessed data linked” to parts of its system and that the incident “resulted in unauthorised access to personal information of some MTN customers in certain markets.”

Employee monitoring app leaks 21 million screenshots in real time

A surveillance tool meant to keep tabs on employees is leaking millions of real-time screenshots onto the open web.

Your boss watching your screen isn't the end of the story. Everyone else might be watching, too. Researchers at Cybernews have uncovered a major privacy breach involving WorkComposer, a workplace surveillance app used by over 200,000 people across countless companies.

The app, designed to track productivity by logging activity and snapping regular screenshots of employees’ screens, left over 21 million images exposed in an unsecured Amazon S3 bucket, broadcasting how workers go about their day frame by frame.

How to steal the internet

Singaporean businessman Lu Heng is poised to capture Africa’s regional IP address regulator, and with it, the keys to control of much of the world's remaining IPv4 addresses.

StarCraft 2 Hackers Forcing Players To Watch Shooting Videos

People playing Blizzard's RTS have spent the last year complaining about hackers doing terrible shit

ReliaQuest Uncovers Potential New Vulnerability in SAP NetWeaver

ReliaQuest has observed SAP NetWeaver incidents with unauthorized file uploads and malicious execution, hinting at a possible unreported vulnerability.

M-Trends 2025: Data, Insights, and Recommendations From the Frontlines

M-Trends 2025 data is based on more than 450,000 hours of Mandiant Consulting investigations. The metrics are based on investigations of targeted attack activity conducted between Jan. 1, 2024 and Dec. 31, 2024. Key findings in M-Trends 2025 include:

  • 55% of threat groups active in 2024 were financially motivated, which marks a steady increase, and 8% of threat groups were motivated by espionage.

  • Exploits continue to be the most common initial infection vector (33%), and for the first time stolen credentials rose to the second most common in 2024 (16%).

  • The top targeted industries include financial (17.4%), business and professional services (11.1%), high tech (10.6%), government (9.5%), and healthcare (9.3%).

  • Global median dwell time rose to 11 days from 10 days in 2023. Global median dwell time was 26 days when external entities notified, 5 days when adversaries notified (notably in ransomware cases), and 10 days when organizations discovered malicious activity internally.

M-Trends 2025 dives deep into the aforementioned infostealer, cloud, and unsecured data repository trends, and several other topics, including:

  • Democratic People's Republic of Korea deploying citizens as remote IT contractors, using false identities to generate revenue and fund national interests.

  • Iran-nexus threat actors ramping up cyber operations in 2024, notably targeting Israeli entities and using a variety of methods to improve intrusion success.

  • Attackers targeting cloud-based stores of centralized authority, such as single sign-on portals, to gain broad access.

  • Increased targeting of Web3 technologies such as cryptocurrencies and blockchains for theft, money laundering, and financing illicit activities.

UK bans export of video game controllers to Russia to hinder attack drone pilots

In a sanctions package including more than 150 new measures, the British government said it was closing loopholes being exploited by the Kremlin.

Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)

We've previously, publicly and privately, analysed vulnerabilities in various ‘Backup and Replication’ platforms, including those offered by Veeam and NAKIVO - both of which have struggled to avoid scrutiny and in some cases, even opting to patch issues silently.

However, we’re glad to see that sense prevails - kudos to NAKIVO for acknowledging CVE-2024-48248 from our previous research and publicly responding to a new XXE vulnerability (CVE-2025-32406).

Backup and Replication solutions have become prime targets for ransomware operators for logical reasons — Veeam, for instance, has already seen widespread exploitation in the wild.

9X Surge in Ivanti Connect Secure Scanning Activity

GreyNoise observed a 9X spike in suspicious scanning activity targeting Ivanti Connect Secure or Ivanti Pulse Secure VPN systems. More than 230 unique IPs probed ICS/IPS endpoints. This surge may indicate coordinated reconnaissance and possible preparation for future exploitation.