Major SAP Zero-Day Exploit and Data Breaches Make Headlines
On April 24, 2025, the cybersecurity landscape was marked by a critical zero-day vulnerability in SAP NetWeaver, identified as CVE-2025-31324. This flaw enabled unauthorized access to the platform, prompting SAP to issue an emergency patch immediately following its disclosure. Organizations using SAP should prioritize applying this patch to safeguard against potential intrusions.
In parallel, Yale New Haven Health reported a severe data breach affecting approximately 5.5 million patient records. This incident involved unauthorized access, with data being copied on the same day as detection, though patient care services remained unaffected. Meanwhile, Baltimore City Public Schools faced a ransomware attack that impacted 25,000 individuals, leading to the encryption of critical data and exposure of personal information.
Additionally, Google confirmed a sophisticated phishing campaign targeting Gmail users by exploiting DKIM and OAuth protocols. Attackers sent deceptive emails that appeared legitimate, tricking users into granting access to compromised applications. These incidents underscore the urgent need for enhanced cybersecurity protocols across various sectors.
Also In Security Today
- SAP Emergency Patch: Organizations using SAP NetWeaver should apply the emergency patch for CVE-2025-31324 immediately to prevent unauthorized access.
- Yale New Haven Health Data Breach: Approximately 5.5 million patient records were compromised due to unauthorized access, prompting concerns about patient privacy.
- Baltimore City Schools Ransomware Attack: A ransomware attack affected 25,000 individuals, encrypting critical data and exposing personal information.
- Google Phishing Campaign: A sophisticated phishing campaign targeting Gmail users exploited DKIM and OAuth for unauthorized access.