Article Details

⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More. What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protections. Firewalls are Obsolete in the AI Era. It's Time for a Modern Security Approach Companies need to rethink how they protect their private and public use of AI and how they defend against AI-powered attacks. Traditional firewalls, VPNs, and public-facing IPs expose your attack surface and are no match in the AI era. It's time for a modern approach with Zscaler Zero Trust + AI. 🔔 Top News ‎️‍🔥 Trending CVEs Attackers love software vulnerabilities—they're easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out. This week's list includes — CVE-2024-58136, CVE-2025-32432 (Craft CMS), CVE-2025-31324 (SAP NetWeaver), CVE-2025-27610 (Rack), CVE-2025-34028 (Commvault Command Center), CVE-2025-2567 (Lantronix Xport), CVE-2025-33028 (WinZip), CVE-2025-21204 (Microsoft Windows), CVE-2025-1021 (Synology DiskStation Manager), CVE-2025-0618 (FireEye EDR Agent), CVE-2025-1763 (GitLab), CVE-2025-32818 (SonicWall SonicOS), CVE-2025-3248 (Langflow), CVE-2025-21605 (Redis), CVE-2025-23249, CVE-2025-23250, and CVE-2025-23251 (NVIDIA NeMo Framework), CVE-2025-22228 (Spring Framework, NetApp), and CVE-2025-3935 (ScreenConnect). 📰 Around the Cyber World 🎥 Cybersecurity Webinars 🔧 Cybersecurity Tools 🔒 Tip of the Week Don't Let Video Calls Become Backdoors — Attackers are now using fake meeting invites to trick people into giving them remote access during video calls. They set up fake interviews or business meetings, then request screen control — sometimes even changing their name to "Zoom" to make it look like a system message. If you click "Allow" without thinking, they can take over your computer, steal data, or install malware. To stay safe, disable remote control features if you don't need them. On Zoom, turn it off in Settings under "In Meeting (Basic)." Always double-check who's asking for access, and never approve control just because it looks official. Use browser-based tools like Google Meet when possible — they're safer because they can't easily take control of your system. For extra protection, Mac users can block Zoom (or any app) from getting special permissions like "Accessibility," which is needed for remote control. IT teams can also set this up across all company devices. And watch out for invites from odd emails or links — real companies won't use personal accounts or fake booking pages. Stay alert, and don't let a simple click turn into a big problem. Conclusion The most effective defenses often start with asking better questions. Are your systems behaving in ways you truly understand? How might attackers use your trusted tools against you? Now is the time to explore security beyond technology — look into how your team handles trust, communication, and unusual behavior. Map out where human judgment meets automation, and where attackers might find blind spots. Curiosity isn't just for research — it's a powerful shield when used to challenge assumptions and uncover hidden risks.