Ransomware gangs join ongoing SAP NetWeaver attacks
Published on: 2025-07-10 04:39:41
Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers.
SAP released emergency patches on April 24 to address this NetWeaver Visual Composer unauthenticated file upload security flaw (CVE-2025-31324), days after cybersecurity company ReliaQuest first flagged it as being targeted in the wild.
Successful exploitation lets threat actors upload malicious files without requiring login credentials, potentially leading to complete system compromise.
Today, in an update to their original advisory, ReliaQuest revealed that the RansomEXX and BianLian ransomware operations have also joined these attacks, although no ransomware payloads were successfully deployed.
"Continued analysis has uncovered evidence suggesting involvement from the Russian ransomware group 'BianLian' and the operators of the 'RansomEXX' ransomware family (tracked by Microsoft as 'Storm-2460')," t