
Why boards should be obsessed with their most ‘boring’ systems

Following a series of high-profile cyberattacks, boards of directors are now requiring their organizations to take greater responsibility for the risks posed by enterprise resource planning (ERP) systems. The Jaguar Land Rover (JLR) incident in September 2025 illustrates the severe consequences of such attacks. The cyberattack forced JLR to halt production for six weeks, making it the costliest cyberattack in Britain’s history. The company’s revenue declined 24 percent that quarter, accounting for a potential drop of over $1.2 billion in earnings, and it subsequently reported a 43.3% drop in wholesale sales volume the following quarter.

For decades, organizations have treated ERP systems like SAP as back-office workhorses. However, the JLR incident, carried out by the cybercrime group ShinyHunters, has thrust ERP systems into the spotlight. That shift in attention is critical: today, 90% of the Fortune 500 use SAP, making these systems “crown jewel” assets that require the highest level of protection.

The threat is escalating. A recent Google Cloud Security report forecasts that ransomware operations specifically designed to target critical enterprise applications such as ERP systems will emerge in 2026, forcing organizations to make quick ransom payments and sacrifice business resilience. 

In our roles as board members, advisers, and cybersecurity CEOs, we’re witnessing a fundamental shift in how organizations approach ERP security: the conversation has moved from compliance to survival. Organizations are grappling with critical questions: Who owns the risk? What is our recovery time? Can we patch critical ERP vulnerabilities within 72 hours? Do we have visibility inside the application?

ERP risks are an existential threat

To understand the severity of ERP security risks, the C-suite must first recognize how critical these systems are. ERP systems are the operating system of modern businesses: they process invoices, manage supply chains, record revenue, pay employees, ship products, and more. The scale is staggering: SAP’s customers alone are responsible for 84% of the world’s commerce. Given this ubiquity, if your organization’s leadership can’t confirm whether you’re using SAP, you almost certainly are.

In 2025, more than 500 companies fell victim to the SAP NetWeaver zero-day vulnerability. This attack underscores what many security practitioners have warned: ERP application security has evolved from a ‘nice to have’ to a business-critical necessity.

When Stoli Group’s US subsidiaries filed for bankruptcy in 2024 following a ransomware attack on its ERP system, it demonstrated a stark reality: losing these systems can lead to a company shutting its doors. When an organization’s central nervous system goes offline, the entire business stops functioning.

Unfortunately, the adversaries understand this inherent leverage better than we do. According to Onapsis research, SAP vulnerabilities grew by 39 percent in 2025. The cybercriminal marketplace price for SAP exploits has grown 400% (to more than $250,000) since 2020, which reflects the immense ROI of holding a Fortune 500 company’s operational capacity hostage.

The timeline for defense has become critically compressed. In 2025, threat actors are exploiting SAP security vulnerabilities within 72 hours of patch releases. Unprotected ERP systems deployed in the cloud are discovered and compromised in less than 3 hours. Meanwhile, the average enterprise patch cycle takes weeks or even months due to the rigorous testing required for complex, customized ERP environments. This mismatch creates a dangerous window of vulnerability.

The regulatory compliance vise

Boards face mounting pressure from an increasingly stringent global regulatory environment focused on securing critical data and infrastructure. ERP systems house multiple types of highly regulated data simultaneously—including financial records, personal employee information, customer data, and supply chain details—making them a focal point for regulatory scrutiny.

For public companies in the United States, Sarbanes-Oxley (SOX) requires attestation of financial reporting. The security of ERP systems is therefore a SOX control issue, because a breach could compromise the effectiveness of these systems as financial reporting controls.

In the European Union (EU), GDPR regulations penalize companies that fail to protect personally identifiable information (PII). ERP systems house the vast majority of employee and customer data.

SEC disclosure rules in the United States and two EU regulations, NIS2 and DORA, have introduced personal liability for board members and executives who fail to oversee their cybersecurity risks. A director can no longer say, “I didn’t understand the technical details.” Ignorance is now a legal liability.

A boardroom playbook for ERP resilience

As board members and advisors to multiple companies and audit committees, we have three key expectations for how organizations should approach ERP security.

First, boards need risk presented in dollar terms. Instead of asking for money to “patch technical vulnerabilities,” CISOs should tell the board exactly how much revenue is at risk. When requesting budget to secure SAP, frame it as an investment to protect specific revenue streams. This helps boards understand what they stand to lose, not just what they need to spend.

Second, stop treating security and productivity as opposing forces. Yes, patching systems might cause a brief disruption. But that minor inconvenience is nothing compared to the catastrophic impact of a total system lockout like the one ShinyHunters executed against JLR. CISOs should partner with CIOs to deploy automated monitoring tools that can detect potential exploits and prioritize patches for the most critical ERP vulnerabilities.

Third, someone must own responsibility for protecting these “crown jewel” systems. Too often, there’s a gray area between the CISO (who sets security policy), the CIO (who manages the technology infrastructure), and the ERP vendor. Boards must demand a clear shared responsibility model that defines who is accountable for what. It’s important to note that ERP vendors are not responsible for securing the application and data once deployed—which makes clear internal ownership even more critical.

Board members should be demanding answers to these questions: Do we have visibility into our ERP risk? Would we have visibility into an active attack?

We must assume a breach will happen. The only way to validate resilience is to test it. Boards should mandate tabletop exercises specifically designed around an ERP ransomware scenario, asking further questions like “How do we communicate with suppliers?”, “How do we build and ship our products?”, “How do we make payroll?”, and “How do we restore from immutable backups if the primary data is compromised?” Organizations must test their resilience before a crisis strikes, not during one.

A license to operate

The Jaguar Land Rover compromise was a watershed moment because it stripped away the illusion that our core systems are safe behind firewalls. Attackers have shifted their focus to critical business systems. They’ve professionalized their operations and dramatically increased the speed of their attacks.

For the C-suite and boards, the era of plausible deniability is over. Security is no longer just an IT expense; it’s what keeps your doors open. If you cannot protect the integrity of your financial data and the continuity of your supply chain, you do not have a viable business.

Just as boards have visibility into risk, CISOs should have visibility into all ERP instances. Organizations require four critical capabilities: discovery (identifying all ERP systems), assessment (finding vulnerabilities such as missing patches, weak configurations, and insecure custom code), real-time monitoring (detecting suspicious activity that may indicate an attack), and incident response (being able to quickly investigate and contain an ERP incident).

The decisions made in the boardroom today will affect the outcomes tomorrow. The next JLR-like event is most likely already unfolding. The only variable is whether your organization will be the next cautionary tale or the defender that held the line.

Dave DeWalt is the founder and CEO of NightDragon. Mariano Nunez is the CEO and co-founder of Onapsis.

The post Why boards should be obsessed with their most ‘boring’ systems appeared first on CyberScoop.

Modernizing the network in a town treasure

ISSUE 22.48 • 2025-12-01 • BEN’S WORKSHOP • By Ben Myers

The General Store, at the very center of Harvard, Massachusetts, is a one-of-a-kind place to meet and greet friends and colleagues. It offers excellent food and some occasional live performances, all in a rustic building constructed in 1850. The computer equipment used by the store is […]

Vulnerability Scanning with Nmap

Nmap, also known as Network Mapper, is a commonly used network scanning tool. As penetration testers, we use Nmap daily; it is indispensable for verifying configurations and identifying potential vulnerabilities.

The post Vulnerability Scanning with Nmap appeared first on Black Hills Information Security, Inc.

Messing With Web Attackers With SpiderTrap (Cyber Deception)

Hello and welcome! My name is John Strand. In this video, we’re going to be talking about using SpiderTrap to entrap and ensnare any web application pentesters or hackers that […]

The post Messing With Web Attackers With SpiderTrap (Cyber Deception) appeared first on Black Hills Information Security, Inc.

Securing the Cloud: A Story of Research, Discovery, and Disclosure

Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found […]

The post Securing the Cloud: A Story of Research, Discovery, and Disclosure appeared first on Black Hills Information Security, Inc.

Tap Into Your Valuable DNS Data

Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a […]

The post Tap Into Your Valuable DNS Data appeared first on Black Hills Information Security, Inc.

WEBCAST: Blue Team-Apalooza

Kent Ickler & Jordan Drysdale // Preface We had a sysadmin and security professional “AA” meeting on November 8, 2018. We met and discussed things that seem to be painfully […]

The post WEBCAST: Blue Team-Apalooza appeared first on Black Hills Information Security, Inc.

WEBCAST: There and Back Again – A Pathfinder’s Tale

Matthew Toussain // PortSwigger’s Burp Suite has become the tool of choice for web application penetration testers. OWASP’s Zed Attack Proxy (ZAP) not only fights in the same weight class but also […]

The post WEBCAST: There and Back Again – A Pathfinder’s Tale appeared first on Black Hills Information Security, Inc.

How to Build a Soft Access Point in Ubuntu 16.04

David Fletcher // This blog post is going to illustrate setting up a software access point (AP) on Ubuntu 16.04. Having the ability to create a software AP can be very […]

The post How to Build a Soft Access Point in Ubuntu 16.04 appeared first on Black Hills Information Security, Inc.

How to Use Nmap with Meterpreter

Brian Fehrman // You’ve sent your phishing ruse, the target has run the Meterpreter payload, and you have shell on their system. Now what? If you follow our blogs, you […]

The post How to Use Nmap with Meterpreter appeared first on Black Hills Information Security, Inc.
