Enterprise Flaw ‘GeminiJack’ ZeroClick in Gemini Fixed by Google: Case of Prompt Injection Attack
Google Fixes Gemini Enterprise Flaw
Continue ReadingThreat detection
AI Surge in CyberSecurity Redefining Threat & Defense; Reshaping Software Development & Security
Currently enterprise Cyber Security strategy with AI has become a game changer, reshaping is critical for both threat and defense. Embracing Gen AI for a robust defensive system empowers organizations to analyze vast amount of data is key requirement for enterprise security where software development is key to enterprise security , embracing ‘security by design’.
In 2024-2025, we have witnessed how mainstream enterprise deployment of AI has changed the strategic cyber security requirement. Thereby creating a strong defense mechanism around enterprise security, redefining the threat landscape and shaping software development.
AI is changing the way we look at products being a risk multiplier. How organization balancing innovation with protection?
AI can track and break commonly used passwords within minutes. So this is scary as more powers are in the hands of hackers, on the other side AI can improve password security again a boon. The Dark Web is already selling Fraud GPT and Worm GPT.
For Organizational cyber security strategy AI is being used now to tackle threats and cyber defense. Again AI has the capability to accelerate the speed of cyber attacks.
So what are leaders deciding when chasing AI based products. The way leaders are looking at products is products that give practical and actionable outlook and being embedded in delivery workflows.
Strategically, this means evolving away from rigid, checkbox-based compliance toward dynamic, adaptive security models that reflect how modern teams really build software—especially in AI-accelerated environments.
As per statistics 2025 witnessed the following AI based cyber attacks.16% of all breaches in 2025 involved attackers using AI. (IBM),and other AI attacks included 37% used phishing attacks and 35% used deepfake attacks. (IBM). 63% of breached organizations had no AI governance policy or were still developing one, highlighting the governance gap around AI adoption (IBM).
OpenText has released their survey and the report entails, AI is rapidly changing the threat landscape for organizations . Organizations are navigating a high-stake balancing act to enable innovation while managing risk.
Here are the key findings
Top AI-related concerns among respondents include data leakage (29%), AI-enabled attacks (27%), and deepfakes (16%).
95% of respondents are confident in their ability to recover from a ransomware attack, but only 15% of those attacked fully recovered their data.
88% allow employees to use GenAI tools, yet less than half (48%) have a formal AI use policy.
Enterprises lead AI governance (52%) compared to SMBs (43%) by having a formal AI policy in place.
52% report increased phishing or ransomware due to AI; 44% have seen deepfake-style impersonation attempts.
Surge in AI Threats via sophisticated attacks
One of the reasons cited by threat researchers is organizations are embracing GenAI, allowing employees to use generative AI tools and few less then 50% have a formal AI-use or data privacy policy in place, the report noted.
This is added with hackers innovative way in tricking using AI, bypassing any defense mechanism which is traditional.
AI tools are now being used to create such convincing phishing emails, fake websites and even deepfake videos to injecting malicious code giving leverage to cyber criminals
In the last few months we witnessed how Ransomware attacks round the world surged and quite complex in nature as third-party service providers or software supply chains were prime targets. The Qantas airline breach and M&S data beach that hit UK’s top retail brand.
While Qantas did not to Information Age whether AI voice deepfakes were used in the breach, the cybercrime group experts believe may be linked to the hack — dubbed ‘Scattered Spider’ — has a track record of using voice-based phishing (or ‘vishing’) in its attacks. This is clear AI being used and surge is quite high in AI based cyber attacks.
AI for Cyber Defense for Organizational Cyber Security Strategy
It is not hackers who are benefiting but for Organizations it is a game changer as AI being used to detect attack at faster pace meaning mean time.
Findings of this survey reinforces that protecting against ransomware now depends not just on internal defenses, but also on how effectively organizations’, partners, and technology providers collaborate to close security gaps before they are exploited.
Key pointer for building pragmatic and strategic choices and this approach starts with embracing security by design approach in developmental life cycle.
- Continuously Embedding security in developer workflows keeping automating, scanning, policy enforcement and anomaly detection in tools used by developers.
- Cybersecurity AI tools are better at identifying patterns and anomalies in large datasets including vulnerabilities. teams have to highly prioritize and contextualize them in term of developing products.
- Supposedly there is an attack and the security tools not able to detect. So continuous testing is mandatory.
- Developers can favor simple solutions that favors pragmatic security patterns and transparency in architecture. In this way trust is developed with clients.
Few important developers keep in focus is to sponsor bug bounties, publish advisories using standards like the Common Security Advisory Framework (CSAF) and provide context on severity and exploitability.
Threat researcher suggest organizations who are building in products accept all vulnerability reports, investigate them, and fix the issues. Any critically important advisory to be used for root cause analysis to improve tools, training and various threat models. Developers are suggested to give feedback for external tools if they help them evolve. Understanding no software can ever be perfect.
Offerings from IntruceptLabs are exactly what you need to develop organizational cyber defense capabilities
Intru360
Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.
Identify latest threats without having to purchase, implement, and oversee several solutions or find, hire, and manage a team security analyst. Unify latest threat intelligence and security technologies to prioritize the threats that pose the greatest risk to your company.
Here are some features we offer:
- Over 400 third-party and cloud integrations.
- More than 1,100 preconfigured correlation rules.
- Ready-to-use threat analytics, threat intelligence service feeds, and prioritization based on risk.
- Prebuilt playbooks and automated response capabilities.
(Sources: https://www.mckinsey.com/about-us/new-at-mckinsey-blog/ai-is-the-greatest-threat-and-defense-in-cybersecurity-today)
Sources: https://investors.opentext.com/press-releases/press-releases-details/2025/OpenText-Cybersecurity-2025-Global-Ransomware-Survey-Rising-Confidence-Meets-a-Growing-AI-Threat/default.aspx)
Spring Security & Framework Authorization Bypass Vulnerabilities Patched
Security advisory: Two new security vulnerabilities have been discovered in the Spring Framework and Spring Security components identified as CVE-2025-41248 and CVE-2025-41249.
| Severity | Medium |
| CVSS Score | 4.4 |
| CVEs | CVE-2025-41248, CVE-2025-41249 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
These issues affect applications that use method-level security annotations like @PreAuthorize to control access to certain methods or features. Under specific conditions when generics are used in parent classes or interfaces, these annotations may not be properly detected, which could allow unauthorized users to access restricted functionality.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Spring Security Authorization Bypass Vulnerability | CVE-2025-41248 | Spring Security | Medium | 6.5.4 (Open Source) 6.4.10 (Open Source) |
| Spring Framework Annotation Detection Vulnerability | CVE-2025-41249 | Spring Framework | Medium | 6.2.11 (Open Source) 6.1.23 (Commercial Support) 5.3.45 (Commercial Support) |
Technical Summary
The vulnerability arises when Spring applications use inheritance (where a class inherits methods from another class) and generics (a way to define methods or classes that can handle different types of data) together. If a secured method, like one marked with the @PreAuthorize annotation (used to enforce security checks), is declared in a generic superclass or interface without clear type definitions, Spring might fail to recognize the security annotation at runtime. This means unauthorized users could potentially access these methods. This issue affects Spring Security versions 6.4.0 to 6.5.3 and Spring Framework versions 5.3.0 to 6.2.10. The Spring team has since released updates to better handle security annotations in such cases, ensuring proper authorization checks.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-41248 | Spring Security 6.4.0 – 6.4.9 6.5.0 – 6.5.3 | Spring Security may fail to detect method-level security annotations applied to generic superclasses or interfaces, resulting in unauthorized access. | Unauthorized access |
| CVE-2025-41249 | Spring Framework 6.2.0 – 6.2.10 6.1.0 – 6.1.22 5.3.0 – 5.3.44 Older, unsupported versions are also affected. | Spring Framework does not consistently recognize security annotations on methods declared in generic superclasses or interfaces, which can lead to authorization bypass. | Authorization bypass. |
Remediation:
Users should immediately update to the latest patched versions of Spring Security and Spring Framework:
| Spring Security | |
| Affected Version | Fix Version |
| 6.5.x | 6.5.4 |
| 6.4.x | 6.4.10 |
| Spring Framework | |
| Affected Version | Fix Version |
| 6.2.x | 6.2.11 |
| 6.1.x | 6.1.23 |
| 6.0.x | N/A (OOS) |
| 5.3.x | 5.3.45 |
Conclusion:
These vulnerabilities cause Spring Security and Spring Framework to sometimes miss detecting method-level security annotations in generic type hierarchies. This can allow unauthorized users to bypass authorization checks, exposing protected functionality. While the severity is medium, it is important to update to the fixed versions promptly and review security annotation usage on generics to maintain proper access control.
References:
Zero Trust 2.0” Strategy by White House to Streamline Compliance; A Shift in Threat landscape
Zero trust isn’t just for security teams, but a strategy where organizations meet compliance standards, vendors behavior, govt policies. Overall zero trust is a shift in how an entire enterprise thinks how to access risk and more than a checklist.
The White House is developing a “Zero Trust 2.0” strategy to focus on targeted, high-impact cybersecurity initiatives and improve the efficiency of federal cyber investments.
Trump admin Officials aim to streamline compliance regimes and tailor software security requirements, especially differentiating critical from low-risk software.
The administration is also preparing new guidance on drone procurement and use, restricting purchases from certain foreign entities, and finalizing instructions for agencies to adopt post-quantum cryptography following recent NIST standards.
The zero-trust security architecture was introduced by Forrester Research in 2010. Zero trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.
Nick Polk, branch director for federal cybersecurity at the Office of Management and Budget, said OMB is looking toward the next iteration of the federal zero trust strategy.
“We’re still coalescing around the exact strategy here, but it likely will be focused on specific initiatives we can undertake for the entire government,” Polk said a July 16 online meeting of the Information Security and Privacy Advisory Board.
AI & Zero Trust
AI tools help build a Zero Trust foundation for enterprises fixing different layers of security and focus on elevating security strategies . Now with the advent of AI-driven advancements, the path forward offers some intriguing prospects for AI and zero trust synergies.
AI and Zero Trust intersecting will unlock key opportunities for holistic cyber security maturity, further AI generates an informed narrative for granting or denying resource access. The security approach seamlessly aligns with a core tenet on principle of Zero Trust and least privilege.
Key Security Updates
Nick Polk also explained some of the key changes in President Donald Trump’s June cybersecurity executive order. Trump maintained many Biden-era initiatives, but canceled a plan to require federal software vendors to submit “artifacts” that demonstrate the security of their product.
“That was really a key instance of compliance over security, requiring an excessive amount of different artifacts from each software vendor, changing requirements midstream, when software providers were already working on getting the security software development form and agencies were already working on collecting it,” Polk said, pointing to a continued requirement for agencies to collect secure software attestation forms from contractors.
How Zero trust help organizations security posture
Organizations who place Zero Trust architecture will have access control policies and definitely use micro segmentation . Required to minimize the damage from ransomware attack can cause.
Attackers not only find it more difficult to breach the system in the first place, they’re limited in their ability to expand made possible by Zero trust when put in place.
Ransomware attack, typically involves an initial infection, lateral movement and data exfiltration with or without encryption. Zero Trust implementation bring organization to address each step as it happens or before it happens. Ransomware will attack a business, consumer, or device e
According to Gartner, at least 70% of new remote access deployments will be served mainly by ZTNA instead of VPN services by 2025 — up from less than 10% at the end of 2021.
Zero trust is based on the principle of least-privilege access, meaning it has to be assumed that no user or application should be inherently trusted. Zero Trust Network Access (ZTNA) takes a completely different approach than VPNs to securing access for remote workers.
Implementing zero trust will connect users to network and no risk is involved with network. Users are connected directly to only the applications and data they need, preventing the lateral movement of malicious users with overly permissive access to sensitive data and resources.
Behavioral Analytics and Anomaly Detection with AI its much easier to detect and entity actions
Automating Threat Response and Remediation is faster with AI as, AI takes the lead in automating response measures by swift device isolation.
AI involves real time risk assessments and determines when to give access resource.
In few years from now many organization will attain the optimal posture for Zero Trust as AI and zero trust emerge as strong significant partner for a better security maturity and posture.
(Source: https://www.computer.org/csdl/magazine/co/2022/02/09714079/1AZLiSNNvIk)
Source: https://www.govcon.community/c/news-summary/trump-admin-focuses-on-zero-trust-2-0-cybersecurity-efficiencies
Cyber-Breach on Qantas Airliner re-echo’s Cyber Risk associated with Third Party
Third-party vendors are critical to and business or industry – but they confirm to significant amount of cyber risk. Qanatas airline confirmed of cyber attack where nearly six million customers data may have been compromised. The airliner issued statement that said credit card details, financial information, and passport details were not part of the breach.
Qantas said in a statement: “We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.”
The alarming aspect of a third-party data breach is the sheer scale of impact. Hackers have the potential to attack thousands of organizations in one fell swoop.
KPMG, study showed how 73% of organizations have experienced at least one significant disruption from a third-party cyber incident within the last three years.
Qantas Group chief executive Vanessa Hudson said the company was working closely with the National Cyber Security Coordinator and the Australian Cyber Security Centre.
We sincerely apologies to our customers and we recognize the uncertainty this will cause. Our customers trust us with their personal information, and we take that responsibility seriously,” she said.
In the breach that affected Qantas airliner which is one of the oldest, did not point to any hackers group. This data breach is one of Australia’s biggest breach in years which caused major setback and reputation damage to an airliner.
Last week, FBI said Scattered Spider group was targeting airlines and that Hawaiian Airlines (HAII.UL) and Canada’s WestJet had already reported breaches. Read more on our blogs:
Key pointer of the Qantas Breach
The Cyber hacker broke into a database containing the personal information of millions of customer.
The breach was executed by hackers who targeted a call center and gained access to a third-party customer service platform containing six million names, email addresses, phone numbers, birth dates and frequent flyer numbers.
Third party risk management is complex but neglecting can be fatal for organizations whose data volume is huge such as airliners.
The airline is emailing affected customers and has set up a dedicated support line at 1800 971 541 (or +61 2 8028 0534 from overseas).
If we observe in recent past 2020, the solar Winds attack that happened where Solar winds confirmed that its network had been penetrated by a malicious actor and a complex malware program inserted into software updates of its technology platform – SolarWinds OrionⓇ.
Such is the magnitude of the attack that the malware program comprised a multistage process, scanning downstream customer networks to detect security tools it could avoid or disable, and stealthily connecting to the attacker’s command and control servers. The malware persisted for months before initial detection.
The solar winds attack cost to the company amounted to significant loss with Incident response and forensic services cost companies 11% of their annual revenue (an average of $12 million).
How to make sure your vendor don’t create unnecessary risk that pose challenge for organization at large
First ensure your third party vendor’s meet the required robust security posture
Vendor risk assessment must be done holistically by streamlining due diligence
Upon discovery of any vulnerabilities, it is important that customizing and updating security requirements of the newly discovered threats and patch.
As a part of better threat mitigation strategy it is important that to automate vendors onboarding this will provide agility.
Managing Third party risk with Intru360
A research with KPMG found that found 61% of businesses underestimate third party risk management and often also struggle to have a healthy operation model and scale it same time.
KPMG research further found that Third-party/nth-party risk management that covers all third-party relationships over the entire life cycle; subjects vendors that support critical activities or are heavily relied upon to more comprehensive and rigorous oversight; and considers transition, contingency, recovery, and duplicity alternatives.
With most of the technology investments fail to provide visibility into third-party risk, we at Intercept help you to expand the scope and cover third parties related risk areas by identifying.
Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.
In vendor security and management here are some of the features we offer to make sure cyber health of each and every supplier is checked and alerts are placed to get notification.
Prebuilt playbooks and automated response capabilities.
Over 400 third-party and cloud integrations.
More than 1,100 preconfigured correlation rules.
Ready-to-use threat analytics, threat intelligence service feeds, and prioritization based on risk.
Sources: https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know
Ways to combat Cyber Threats; Strengthen your SOC’s readiness involves 3 key strategies
Cyber threats are no longer limited to human attackers, with AI-driven “bad bot” attacks now accounting for 1/3 as per research. These attacks can be automated, allowing attackers to launch more extensive and efficient campaigns
Organizations are now exposed new risks, providing cybercriminals with more entry points and potential “surface areas” to exploit as they go digital and adopt to innovations and wider use of digital technologies.
Some of the types of bad bots are DDoS bots, which disrupt a website or online service by overwhelming it with traffic from multiple sources.
Cybercriminals are using Gen-AI tools to improve the efficiency and yield of their campaigns – with Check Point Research’s recent AI Security Report 2025 flagging the use of the technology for malicious activities like AI-enhanced impersonation and social engineering.
Account takeover bots, which use stolen credentials to access users’ online accounts; web content scraping bots, which copy and reuse website content without permission; and social media bots, which spread fake news and propaganda on social media platforms.
The purpose of Bad Bot is expose critical flaws and vulnerabilities within the security frameworks that IT leaders have established in their architectures and operations.
Unfortunately, traditional security operations centers (SOCs) are built to detect threats based on predefined rules and human-driven logic or characteristics.
AI-powered bots use automation and adaptive methods to execute more sophisticated and dynamic attacks that can bypass these existing defences.
Vulnerabilities are evolving so SOC team have more responsibilities then before as BOTs are AI powered.
Here we outlined three strategies to strengthen your SOC readiness
1.SOC team an essential or important component of business are in Fatigue Zone:
SOCs continuously monitor your organization’s network, systems, and applications to identify potential vulnerabilities and detect any signs of malicious activity.
SOC team quickly takes action to contain the threat and minimize damage, ultimately reducing the overall impact on your business.
Ponemon institute research say SOC teams are fatigued and one research pointed that 65% has fatigue and burn out issues.
That means Cyber security need to support the SOC teams and research found highlight that a lack of visibility and having to perform repetitive tasks are major contributors to analyst burnout.
Threat hunting teams have a difficult time identifying threats because they have too many IOCs to track, too much internal traffic to compare against IOCs.
Sometimes organizations have lack internal resources and expertise and too many false positives.
Bringing out SOC team from fatigue issue is as important as investing on training, upskilling on cyber skills and development to keep your team’s spirit high.
Establish Key Performance Indicators (KPIs) to measure the effectiveness of your SOC. Monitor these KPIs closely and use them to identify areas for improvement.
2. How do Organization harness Nex-gen technology to combat cyber Threats
Staying abreast of industry trends and best practices to ensure your SOC teams remains at the forefront of cyber security or ahead of the curve with Nex-gen technologies.
So that SOC teams can detect and respond to threats more quickly and efficiently, get holistic view of organizations security posture, AI and ML can augment the SOC team by automating routine task.
Many organizations are adopting hybrid cloud infrastructure and SaaS applications for productivity and cost efficiency reasons. But organizations face difficulty of managing and securing the data on those platforms, which is again leading to higher breach costs.
Darktrace report says 78% of the more than 1,500 security executives responding to a recent survey said that AI-powered threats are having a significant impact on their organizations – with many admitting they lack the knowledge, skills, and personnel to successfully defend against those threats.
Many organizations are already leveraging AI as a cyber-security tool.
Now more IT leaders say they are integrating AI into their cloud strategies for use in advanced security and threat detection.
Organizations can encounter several challenges when integrating AI into their cloud strategies.
Along with SOC team who seamlessly integrate across the organization, same is for AI. Seamless integrations of AI will make it easier for AI-assisted threat detection, notification, enrichment and remediation.
The purpose is AI should focus on tuning models that is organization specific environment. Once done AI will integrate threat intelligence and filtering will be done based on specific context. This will help reinforcing trust with customers and stakeholders.
3. Investing in Predictive Threat Modelling priority for Nex-gen SOC Teams
In this era where AI is being leveraged by organisation to derive accuracy, SOC teams who are evolving will prefer investing in intelligence predictive threat models that are proactive in nature to anticipate risks and refine their response strategies.
When organizations have a Threat Intelligence-Driven SOC it is easier to transform security operations from reactive to proactive defence. Most of the organization builds and operates its own SOC. That is done by employing a dedicated team of cyber security professionals who offers to take complete control over security operations but can be resource-intensive.
AI makes the process easier, as having AI-driven analytics will assist detect anomalous behaviours and zero-day threats.
Further with implementing predictive threat modelling to anticipate emerging attack patterns and leveraging the right frameworks, tools and best practices will help organizations build an intelligence-driven SOC. And with an intelligence-driven SOC team, anticipating any cyber threats can be dealt with efficiency.
IntruceptLabs now offers Mirage Cloak and to summarise Mirage Cloak offers various deception methods to detect and stop threats before they cause damage.
These methods include adding decoys to the network, deploying breadcrumbs on current enterprise assets, using baits as tripwires on endpoints.
This is executed by setting up lures with intentionally misconfigured or vulnerable services or applications.
The flexible framework also lets customers add new deception methods as needed.
Conclusion: Organizations can better protect their digital assets and ensure business continuity by understanding the key components and best practices for building a successful SOC.
At the end we must accept that to defend against any sort of AI attack, SOC teams must evolve with right collaborations and effective communication between partners seamlessly to evaluate information to stay ahead of attackers.
AI seen as potential for improved threat detection & cost optimization; Wipro Report
As sophisticated cyber threat grows so is the cost and leaders are now preferring to leverage AI for improved threat detection, incident response and cost optimization.
Wipro report on ‘State of Cybersecurity Report 2025’ say 35% cybersecurity leaders which is nearly 33%, globally are opting for AI-driven automation at the forefront of their strategic priorities.
The report surveyed over 100 global cybersecurity leaders and consultants and found that AI-driven automation and cost optimization were among the main cybersecurity priorities for organizations.
Key findings:
30% of respondents state that investing in AI automation to bolster cybersecurity operations and reduce costs is a top priority.
Other strategies used by CISOs to optimize costs include tools rationalization (26%), security and risk management process optimization (23%) and operating model simplification (20%).
The report also highlights the growing role of AI in managing cyber threats and how investing in advanced AI-driven security solutions, continuously monitoring AI developments.
Fostering a culture of innovation and adaptation within cybersecurity teams can play a significant role in risk management.
Many CISOs are leveraging AI to improve threat detection and response times (31 %) and to build enhanced incident response capabilities (24%).
“Cybersecurity budgets are struggling to keep pace with the growing sophistication of cyber threats,” said Tony Buffomante, SVP & Global Head — Cybersecurity & Risk Services, Wipro Limited. “AI offers a solution by helping organizations strengthen defenses while optimizing costs. This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments.
However, even with AI’s growing significance, the implementation of Zero Trust security frameworks remains the predominant investment focus for nearly all surveyed leaders.
AI The crime enabler
In the beginning of 2025, reports came from various sources attackers are weaponizing AI and what cyber security leaders will do about it.
We all know how AI AI has been a good force in helping organizations detect anomalies, automate security responses and to some extent strengthen defense measures. But cost is high and requires lot of investments which many organizations are unbale to do.
At the same time cybercriminals have started to leverage the same technology to supercharge their attacks. The dark web we all know has long been a marketplace for malware and stolen credentials, but in 2025, we’re seeing a surge in AI-powered Cybercrime-as-a-Service (CaaS). Even low-skilled hackers can now rent AI-driven attack tools, making sophisticated threats accessible to a wider pool of cybercriminals.
But what is concerning the type of attacks that selects high-value targets, customizes ransom demands and known as Automated ransomware.
Also malicious actors deploying AI Bots scan for vulnerabilities and analyze defenses, to launch cyber attacks with precisions.
Lot of voice and video spoofing kits have arrived in the market embedded with AI tools that generate convincing deepfake audio or video for fraud and impersonation scams.
Wake up call for Business & Organization
The rise of AI-powered cyber threats is a wake-up call for businesses, governments, and individuals alike and the ‘State of Cybersecurity Report 2025‘ exactly pin-points the necessity to have AI automation to bolster cybersecurity operations and reduce costs.
The next wave of cyber crime is going to be more tactful embedded with AI. AI can analyze vast amounts of publicly available data to create detailed psychological profiles of potential victims.
This enables cyber criminals and prepares them for highly targeted and persuasive social engineering attacks. Having automation driven by AI allows attacks to unfold much more rapidly, leaving defenders with less time to react.
Conclusion: AI-Powered Security Solutions: Just as attackers are leveraging AI, so too must defenders. Implementing AI-powered security tools will act as first line defense and will be able to adapt to new threats in real-time.
Sources: CISOs Increasingly Rely on AI to Navigate Cost Pressures and Enhance Resilience: Wipro Report
Critical SAP NetWeaver Vulnerabilities Addressed in May 2025 Patch – Immediate Action Required
Summary : SAP has released critical security updates for its May 2025 patch, including fixes for two actively exploited zero-day vulnerabilities in SAP NetWeaver Visual Composer.
SAP Visual Composer is not installed by default, however it is enabled because it was a core component used by business process specialists to develop business application components without coding.
| OEM | SAP |
| Severity | Critical |
| Date of Announcement | 2025-05-13 |
| No. of Vulnerabilities Patched | 16 |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.0 |
Overview
The most severe issue, CVE-2025-31324 (CVSS 10.0), is a critical unauthenticated file upload vulnerability that has been exploited in the wild since January 2025 for remote code execution (RCE).
This issue was originally addressed in an SAP security note issued on April 24, 2025, and has since been supplemented by a second vulnerability, CVE-2025-42999, involving insecure deserialization.
These vulnerabilities have been used together in chained attacks to gain full system access on vulnerable SAP NetWeaver servers.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
| Unauthenticated File Upload (RCE) | CVE-2025-31324 | SAP NetWeaver | Critical | 10.0 |
| Insecure Deserialization (RCE) | CVE-2025-42999 | SAP NetWeaver | Critical | 9.1 |
Technical Summary
Attackers have leveraged two flaws in SAP NetWeaver Visual Composer in chained exploit scenarios to gain unauthorized remote access and execute arbitrary commands.
CVE-2025-31324 enables unauthenticated file uploads, and CVE-2025-42999 allows privileged users to exploit insecure data deserialization for command execution.
These vulnerabilities have impacted hundreds of internet-facing SAP instances, including systems operated by major enterprises.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-31324 | SAP NetWeaver Visual Composer | Unauthenticated file upload vulnerability in development server. | Remote Code Execution (RCE) without privileges |
| CVE-2025-42999 | SAP NetWeaver Visual Composer | Insecure deserialization in Visual Composer user-accessible function. | Remote Code Execution (RCE) without privileges |
Source: SAP
In addition to the actively exploited vulnerabilities, several other High Severity Vulnerabilities were also addressed:
- CVE-2025-30018: SAP Supplier Relationship Management (Live Auction Cockpit) – Multiple vulnerabilities (CVSS 8.6)
- CVE-2025-43010: SAP S/4HANA Cloud Private Edition / On Premise (SCM Master Data Layer) – Code injection (CVSS 8.3)
- CVE-2025-43000: SAP Business Objects Business Intelligence Platform (PMW) – Information disclosure (CVSS 7.9)
- CVE-2025-43011: SAP Landscape Transformation (PCL Basis) – Missing authorization check (CVSS 7.7)
- CVE-2024-39592: SAP PDCE – Missing authorization check (CVSS 7.7)
Remediation:
- Apply Patches Promptly: Install the May 2025 security updates immediately to mitigate risks from CVE-2025-42999 and other high-severity vulnerabilities, including CVE-2025-31324, along with additional security improvements across various SAP products.
General Recommendations:
- Disable Visual Composer Service: If possible, disable the Visual Composer service to further reduce risk.
- Restrict Access to Metadata Upload Functions: Limit access to the metadata uploader to trusted users to prevent unauthorized file uploads.
- Monitor for Suspicious Activity: Continuously monitor the SAP NetWeaver environment for any signs of suspicious activity related to the vulnerabilities.
Conclusion:
- The dual exploitation of CVE-2025-31324 and CVE-2025-42999 underscores the critical need for proactive patching and vigilant monitoring of enterprise SAP environments.
- The vulnerabilities are being exploited by sophisticated threat actors, including the Chinese APT group Chaya_004, with over 2,000 exposed NetWeaver instances and hundreds already compromised.
- In response to the severity, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included CVE-2025-31324 in its Known Exploited Vulnerabilities Catalog and has mandated federal agencies to remediate by May 20, 2025, under Binding Operational Directive 22-01. Organizations are strongly urged to act immediately to protect their SAP environments.
References:
Critical Chrome Vulnerability (CVE-2025-2783) Exploited in Cyber-Espionage Campaign
| OEM | Google Chrome |
| Severity | High |
| CVSS | 8.3 |
| CVEs | CVE-2025-2783 |
| Exploited in Wild | Yes |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding the critical zero-day vulnerability, CVE-2025-2783, in Google Chrome and other Chromium-based browsers on Windows. This vulnerability is actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, urged immediate patching to prevent security breaches and unauthorized system access.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Google Chromium Mojo Sandbox Escape Vulnerability | CVE-2025-2783 | Google Chrome | High | 134.0.6998.117/.118 |
Technical Summary
This high-severity vulnerability found in the Mojo framework of Chromium-based browsers including Google Chrome, Microsoft Edge, and Opera, Brave etc. The vulnerability originates from a logic error that results in an incorrect handle being provided under certain conditions. This flaw allows attackers to bypass Chrome’s sandbox protections and potentially execute arbitrary code on the affected system.
Security researchers from Kaspersky discovered this zero-day vulnerability as part of an advanced cyber-espionage campaign dubbed “Operation ForumTroll.” The attack campaign targeted media outlets, educational institutions, and government organizations in Russia through highly personalized phishing emails.
The exploit chain is particularly dangerous because it requires minimal user interaction. Victims only need to click on a malicious link in a phishing email, after which the attack executes automatically without any additional action from the user. Once triggered, the exploit allows attackers to escape Chrome’s sandbox environment, leading to remote code execution and possible system compromise.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-2783 | Google Chrome (Windows) | Incorrect handle provided in Mojo, allowing sandbox escape | Remote code execution, System Compromise |
Remediation:
- Google Chrome Patch Released: Google has released security updates in Chrome versions 134.0.6998.177/.178 to address this vulnerability. Users should update immediately.
General Recommendations:
- Enable Automatic Updates: Ensure automatic updates are enabled in Google Chrome and other Chromium-based browsers to receive future security patches promptly.
- Phishing Awareness Training: Organizations should educate employees on identifying and avoiding phishing emails to prevent exploitation.
- Endpoint Security Measures: Deploy endpoint detection and response (EDR) solutions to monitor and mitigate potential threats.
- CISA Compliance for Federal Agencies: Federal agencies must adhere to CISA’s Binding Operational Directive (BOD) 22-01 to address known exploited vulnerabilities promptly.
Conclusion:
The exploitation of CVE-2025-2783 demonstrates the ongoing threat posed by sophisticated cyber-espionage activities. Google has responded swiftly with a patch, and users are strongly advised to update their browsers immediately. Organizations should remain vigilant against phishing attempts and enhance their cybersecurity posture to mitigate similar threats in the future.
References:
Wazuh Server Vulnerability (CVE-2025-24016) Exposes Systems to RCE Attacks
Wazuh Server Vulnerability
Continue Reading