Onapsis Podcast

When zero-day CVE-2025-31324 surfaced, organizations had to react quickly. SAP and Onapsis worked closely to analyze the threat, validate exploitation activity, and deliver protections for customers worldwide. In this joint session, you’ll get a behind-the-scenes look at how security research and collaboration accelerate guidance, patching, and response to this zero-day. Hear from the experts about what happened, what was learned, and what every SAP customer should be doing now to strengthen their landscape. Key Takeaways: Recommended steps SAP customers should take to reduce future risk SAP’s quick response to address CVE-2025-31324 How SAP and Onapsis collaborated to better understand what threat actors were exploiting Timeline walkthrough: from discovery to analysis to guidance What active exploitation revealed about modern SAP threat actors How SAP & Onapsis Research Labs collaboration strengthens enterprise resilience

Your SAP applications aren’t just software—they’re the lifeblood of your business. In today’s threat landscape, relying on generic security isn’t enough. You need tailor-made, enterprise-grade protection. 2025 was a pivotal year for SAP security, marked by critical vulnerabilities, zero-day exploits, and evolving attacker tactics targeting business-critical systems. JP Perez-Etchegoyen and Paul Laudanski from Onapsis Research Labs (ORL) recap the top SAP security vulnerability trends from 2025, provide an anatomy of real attacks to SAP Applications, and share practical guidance to help you strengthen your SAP defenses for 2026. You’ll learn: Key lessons from 2025’s most impactful SAP vulnerabilities and exploits How threat actors are exploiting vulnerabilities like CVE-2025-31324 Actionable steps to take now to protect your SAP landscape from known exploits and future vulnerabilities Detailing steps to secure your SAP landscape in 2026 with a webinar-exclusive checklist

2025 has proven to be a real “wake up call” for SAP security, marked by critical zero-days, public exploits, a significant rise in sophisticated threat actor activity, and hundreds of global enterprises compromised after waves of targeted attacks that continue to this day. Security teams are struggling to keep pace – especially when it comes to unfamiliar, complex software such as SAP. These teams frequently lack the deep SAP threat insights and specialized exploit detection that today’s modern SAP attack landscape requires in order to effectively defend these mission-critical business systems. This webinar will provide security professionals with an in-depth, educational look at both the latest tactics, techniques, and procedures used by threat actors to directly attack SAP, as well as the next-gen methodologies and tooling required to defend against them. You will learn: How Onapsis Defend and Microsoft Sentinel for SAP integrate together to help customers defend their critical systems against increasingly successful SAP cyberattacks Key lessons from 2025’s most impactful SAP vulnerabilities, exploits, and breaches The latest exploit detection, response automation, and AI capabilities your team should be leveraging to accelerate and optimize your SAP incident response

This on-demand webinar delves into the key findings from the SAPinsider Benchmark Research report, “The Technology Leader’s 2025 Agenda for SAP.” This session will break down the strategies and investments that technology leaders are prioritizing as they navigate the shift to SAP S/4HANA and the growing influence of AI. In this session, we’ll cover: Business Priorities: Discover the top business priorities for technology leaders in 2025, with a deep dive into why increasing process efficiency and building an AI strategy are at the top of the list. Investment Trends: Understand where technology leaders are directing their budgets, including strategic investments in current and new AI technologies, SAP S/4HANA, and data warehousing platforms. The Talent Gap: Learn about the most in-demand SAP-related skills and how companies are preparing their teams for the challenges of SAP S/4HANA migration and AI deployment. Overcoming Challenges: Hear about the biggest roadblocks to AI deployment, such as a lack of clean data and security concerns, and learn how to address them responsibly.

Over 92% of organizations identify the data in their SAP systems as mission-critical or highly important. Yet, the cybersecurity landscape is more challenging than ever. Onapsis, in collaboration with SAPinsider, presents the findings of their latest research report, Cybersecurity Threats and Challenges to SAP Systems. In this on-demand webinar, you’ll gain crucial insights into the evolving threat landscape, including why data exfiltration has become the number one concern for SAP systems. We’ll also cover the number one challenge organizations face: keeping up with security notes and patches. In this webinar, you’ll learn: The top cybersecurity threats to SAP systems in 2025, and how they’ve shifted. Key drivers behind your cybersecurity strategy, from protecting sensitive data to keeping systems online. The biggest challenges organizations face in securing SAP systems, and how to overcome them. The cybersecurity investments and actions leading professionals are prioritizing. Actionable strategies to mature your defenses and take control of your SAP landscape’s security today. Watch now to gain crucial insights and actionable strategies for a more secure SAP environment.

The decision to migrate to SAP RISE represents a significant opportunity, but it also introduces a fundamental shift in how security is managed. A successful transformation hinges on a clear understanding of the SAP RISE shared responsibility model—who does what and when. A proactive approach to this model is critical for laying a strong foundation and avoiding costly issues down the line. This session will cover: The key security differences between your current on-premise environment and a future cloud-based model, and how the shared responsibility model redefines your role. How to assess your existing security posture and align it with the responsibilities you will retain in the SAP RISE cloud. Best practices for developing a robust pre-migration security strategy that leverages the shared responsibility framework to minimize risk. A roadmap for protecting your data and systems by clearly defining your duties and those of SAP. By the end of this session, you’ll have a clear understanding of the crucial steps your organization needs to take to prepare for and ensure a successful SAP RISE journey by effectively navigating the shared responsibility model.

In recent months, an unprecedented wave of SAP zero-day attacks exposed critical structural weaknesses in the security programs of hundreds of the world’s leading organizations—raising urgent questions about detection, response, and long-term resilience of their business-critical applications. And while this made major headlines, many business leaders are still scrambling to understand what happened, what this means for their organization, and how to be protected against future attacks. Cybersecurity leaders from EclecticIQ, Mandiant, NightDragon, and Onapsis come together to unpack these threats—from initial discovery of in-the-wild SAP exploitation and dissection of the first-ever SAP zero-day, to coordinated disclosure, patching, and proactive defense strategies. What you will learn? You will gain an inside look at how advanced threat actors are targeting SAP applications, what threat intelligence reveals about ongoing exploitation campaigns, and why traditional defenses often fall short. You’ll also walk away with practical guidance on how to assess risk, accelerate remediation, and harden SAP environments against future zero-day threats. Whether you’re a CISO, CIO, or business leader, this session will equip you with the insights and actions needed to protect your organization’s most critical systems.

Discover key insights, gain actionable advice, and empower your organization to navigate the cloud securely during this conversation with industry experts from Onapsis and Capgemini. Join us for an educational conversation where we delve into the world of SAP security in the cloud. As enterprises increasingly migrate their SAP systems to the cloud, it becomes imperative to address the unique security challenges that arise in this new landscape. In this thought leadership session, our experts will share best practices, solutions and practical strategies for securing SAP in the cloud, including an update on the SAP threat landscape, the Shared Fate & Responsibility Model for SAP applications and best practices to ensure the integrity, confidentiality, and availability of critical business data. Discover key insights, gain actionable advice, and empower your organization to navigate the cloud securely while harnessing the full potential of SAP.

Evidence of active attacks against this vulnerability has been observed by ReliaQuest, Onapsis Threat Intelligence, and confirmed by multiple IR firms in recent active investigations. SAP published an emergency security patch on April 24, 2025 to address this issue. The vulnerability is of critical severity (CVSS 10), and affects the SAP Visual Composer component of SAP Java systems, which is not enabled by default. Critical Exploit Details: Unauthenticated threat actors can exploit CVE-2025-31324. Attackers can gain full control of vulnerable SAP systems. Risks include unrestricted access to SAP business data and processes, ransomware deployment, and lateral movement. Continued exploitation is expected against vulnerable internet-facing SAP Java systems.

SAP defenders were briefed on an active exploitation campaign targeting a critical CVSS 10.0 vulnerability (CVE-2025-31324). The attack campaign was executed against SAP systems around the world. Thanks to rapid response from SAP, a security patch was released quickly. However, the ongoing impact of this orchestrated attack campaign remains far-reaching and the threat of further potential exploitation of this vulnerability is still very much active.

In this episode of the SAPinsider Las Vegas 2025 podcast, host Robert Holland SAPInsider speaks with JP Perez-Etchegoyen, CTO and co-founder of Onapsis, and Gaurav Singh, Senior Cybersecurity Manager at Under Armour, about the growing importance of cybersecurity in SAP landscapes. The conversation centers around their newly released book, Cybersecurity for SAP, the first SAP Press book to bridge the gap between traditional SAP security and modern cybersecurity practices. Perez-Etchegoyen and Singh discuss key challenges SAP customers face—like increased landscape complexity, cloud transitions, and lingering myths that SAP systems behind firewalls are secure. They emphasize the critical need for collaboration between SAP and security teams, a shift in mindset toward proactive cybersecurity, and the adoption of risk-based strategies. The duo also highlights the importance of purposeful action, education, and building strong cybersecurity programs tailored to evolving SAP environments.

An Interview with Mariano Nunez of Onapsis. In this episode of the SAPinsider Las Vegas 2025 podcast, host Robert Holland SAPInsider speaks with Mariano Nunez, CEO and co-founder of Onapsis, about the evolving cybersecurity landscape for SAP customers. Nunez shares key challenges organizations face in securing SAP applications—especially during cloud migrations like RISE with SAP—highlighting the confusion around shared security responsibilities between SAP and its customers. He emphasizes the importance of visibility, automation, and expert guidance to build secure-by-design cloud environments and ensure compliance. The conversation also explores the surge in cyber threats targeting SAP systems, the growing role of AI in both offensive and defensive security strategies, and the critical need for specialized SAP cybersecurity expertise. Nunez encourages SAP professionals to expand their skills into cybersecurity, noting the career opportunities emerging at this intersection. He also discusses Onapsis’ unique role as a cybersecurity partner with an SAP-endorsed app and the value of people, processes, and partnerships in creating comprehensive security solutions.

CISA recently updated their Known Exploited Vulnerabilities (KEV) catalog with an SAP vulnerability: CVE-2017-12637. When exploited, this vulnerability affecting SAP Netweaver AS Java application servers can enable unauthenticated threat actors to take full control of unprotected SAP systems. While this is a known security vulnerability that was promptly patched by SAP in 2017, Onapsis Research Labs have observed this issue being present in several environments to this day. Onapsis Research Labs has also recently identified active exploitation via our global SAP Threat Intelligence Network, and we will be sharing our findings with the public.

Sichere SAP-Lösungen für Logistik und Produktion mit RISE und BTP Ein Webinar im Rahmen der 20. IT-Onlinekonferenz: Produktions- und Logistikprozesse mit SAP – Die führende Konferenz für SAP-gestützte Produktion und Logistik. Die digitale Transformation in Produktion und Logistik, angetrieben durch SAP RISE und die SAP Business Technology Platform (BTP), eröffnet Unternehmen neue Möglichkeiten zur Prozessoptimierung. Gleichzeitig entstehen Herausforderungen, diese geschäftskritischen Systeme sicher und compliant zu gestalten. In diesem Webinar erfahren Sie, wie Onapsis Unternehmen unterstützt, SAP-Anwendungen in Cloud- und hybriden Umgebungen zu schützen, Sicherheits- und Compliance-Anforderungen zu erfüllen und die Integrität sensibler Daten und Prozesse sicherzustellen. Highlights: Effiziente Sicherheitslösungen für hybride SAP-Landschaften. Echtzeit-Bedrohungserkennung und Schwachstellenmanagement. Best Practices für SAP RISE und BTP.

Learn best practices for security and resilience of SAP systems in the utilities sector In this session you will learn how Eversource is adapting to the evolving threat landscape. Hear from security leaders about why they chose Onapsis and how leveraging the Platform has helped to save money, ensure security, and pinpoint vulnerabilities.

With 2024 behind us, the best way to prepare for a successful 2025 is to evaluate the past. JP Perez-Etchegoyen and Paul Laudanski from Onapsis Research Labs (ORL) will recap trends from 2024 and provide best practices to prepare you for threats targeting business critical applications in 2025. In this session you’ll gain a greater understanding of: Macro trends and observations gleaned from the extensive security research conducted by Onapsis Research Labs A comprehensive recap of critical patches and noteworthy news from 2024, ensuring you can prioritize to support your team’s efforts Actionable insights to empower your team in securing your SAP landscape in 2025 and beyond.

In this session we explore the transformative changes introduced by the NIS2 Directive This discussion will provide a comprehensive overview of how NIS2 differs from the original NIS Directive and what these changes mean for organizations relying on SAP systems. Organizations across the EU are going to be impacted when NIS2 goes into effect and need to be aware of the impact it will have on SAP system landscape.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

SAP offers a highly secure and compliant cloud infrastructure for RISE with SAP customers. With the peace of mind that SAP is managing the security of the foundational layers, customers can concentrate on their own security and compliance responsibilities: protecting business processes, sensitive data, and any extensions or customizations. To implement effective controls and governance in these areas, the right teams and tools are essential. Onapsis delivers SAP-endorsed technology, threat intelligence, and expertise to help RISE with SAP customers meet their application security and compliance responsibility in the cloud. In this informative presentation featuring Roland Costea, CISO at SAP Enterprise Cloud Services (ECS), and Mariano Nunez, CEO & Co-Founder of Onapsis, you will discover how the people, processes, and technologies at SAP ECS combined with the Onapsis capabilities, empower customers to better secure their Cloud ERP systems and promote long term business resilience.

Onapsis Research Labs observed and analyzed malicious activity detected though our global threat intelligence cloud. A system running SAP was compromised and turned into a command and control bot by injecting a malicious file via an SAP vulnerability. The C2 initiated a distributed denial of service attack involving Cloudflare. Our team will review the details of this attack including source IP addresses, the malicious file, the installation of midnight commander, and cover the commands that were executed on the host system that included an assessment of the compromised SAP system during this session.

In this webinar we dive into the intricacies of the shared responsibility model within RISE with SAP. Representatives from SAP, Onapsis, and Deloitte will lead this session, providing valuable insights into the specific roles and responsibilities each organization plays in helping clients enhance SAP application security. Learn how these industry leaders collaborate to create a robust application security framework that enables you, the customer, to protect your SAP environment effectively.

The threat landscape for SAP systems is rapidly expanding, with ransomware and malware attacks on the rise. While these attacks may not directly target SAP systems, they often impact connected systems or environments. A growing concern for SAP customers is the increase in social engineering and credential compromise attacks, which can expose valuable data within SAP systems. As a result, SAPinsiders have highlighted the need to address system vulnerabilities as a top priority. This year, respondents identified unpatched systems as the biggest cybersecurity threat to their SAP environments, continuing a three-year trend of vulnerabilities due to delayed patches and updates. This report is sponsored by Onapsis.

This session will show how Siemens Healthineers protects critical SAP assets proactively in a global environment on its transformation to SAP RISE with the help of Onapsis. Learn how the company ensures resilience and robustness against evolving cyber threats and maintains operational continuity and compliance.

RISE with SAP is a comprehensive suite of cloud-based applications, platforms, tools, and services that help businesses of all sizes accelerate their digital transformation. However, any migration to the cloud comes with security challenges. Using third-party security technology can enhance and expand your ability to protect your data and systems while transitioning into a RISE with SAP environment. In this webinar, learn how enhanced visibility, automated security scanning, and incident response can augment your team’s ability to inspect what they expect from RISE with SAP, increase business value, and promote risk abatement.

In today’s digital landscape, where data breaches and cyber threats are constantly evolving, safeguarding critical business systems like SAP Business Technology Platform (BTP) is paramount. This session will provide attendees with information about how and why it is important to secure their SAP BTP environments against cyber threats, as well as practical strategies for fortifying the platform. This will include subject matter experts discussing the SAP BTP security landscape, the latest security features and functionalities offered by SAP BTP, advanced security configurations, and best practices for implementation and maintenance.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Everything you need to know in the world of ERP security with The Defenders Digest. Hear directly from Paul Laudanski & JP Perez-Etchegoyen of Onapsis Research Labs as they chat through monthly highlights and need-to-know information around SAP and Oracle security.

Over the past few years, the threat landscape around SAP applications has evolved significantly. What has driven this change? Threat actors are increasingly seeing the profit derived from SAP applications, associated data they hold, and taking advantage of vulnerabilities. Pulling from Onapsis’ expertise in SAP cybersecurity and Flashpoint’s depth of threat intelligence, this webinar covers: - The current SAP threat landscape - Open Deep and Dark Web references to SAP vulnerabilities - Threat actor groups that commonly target SAP -applications - SAP vulnerabilities and exploits

This presentation will delve into how the collaboration between SAP and Onapsis provides invaluable support to customers in managing cyber risks. The session is designed to inform about navigating the complex cybersecurity environment effectively. It’s an opportunity to understand how this cooperative effort is tailored to bolster customers’ defenses against evolving threats, focusing on empowerment and proactive protection.

With an expanding attack surface for SAP, it’s more important than ever to ensure you are protecting your most critical SAP systems, especially as you move to SAP S/4HANA Private Cloud Edition (PCE) as part of the RISE with SAP. Like all cloud offerings, RISE with SAP splits security ownership between the cloud provider – in this case, SAP – and you, the cloud customer. While this may vary from customer to customer, in general, SAP is responsible for security of the cloud, and you own security for what goes into the cloud. Building security into your S/4HANA Cloud journey is a team sport, so we’ll show you how to!

2024 has just begun, but we are firm believers that the best way to prepare for the future is to evaluate the past and look ahead. Join JP Perez-Etchegoyen and Paul Laudanski from Onapsis Research Labs (ORL) as they recap trends from 2023 and provide best practices to prepare you for threats in 2024. You’ll walk away with an understanding of: - Key macro trends and observations gleaned from the extensive research conducted by Onapsis Research Labs. - A comprehensive recap of critical patches and noteworthy news from 2023, ensuring you stay abreast of the latest developments. - Actionable insights to empower your team in securing your ERP landscape in 2024 and beyond.

Traditional cybersecurity investments have focused on defending the perimeter with little attention paid to the application layer. More importantly, those applications enable the most critical business functions of your organization, such as financials, manufacturing, and the supply chain. With SAP as the core technology foundation for many large enterprises, it presents an attractive target for malicious actors. Building from basic security hygiene to advanced concepts, you can play a key role in ensuring that strategic operations and critical processes of your business are protected. Key strategies to maintain compliance and better mitigate risk across your SAP landscape.

Businesses use enterprise resource planning (ERP) systems, like SAP, to keep their critical business assets, data and IP in one place. While ERP systems unify platforms and departments, centralizing large enterprise data presents an attractive target for malicious actors. An interconnected system combined with inadequate ERP security increases the risk of attacks and makes ERP systems a prime target for adversaries. To shed light on the state of ERP security in 2023, we have analyzed and observed threats and attacks targeting ERP applications. Learn about the state of ERP Security, strategies to maintain compliance, and how to better mitigate risk across your SAP landscape.

Unlock the secrets to fortifying your company's digital defenses in this engaging Podcast. We'll spotlight the crucial gaps that often exist between SAP security and traditional IT safeguards, presenting six vulnerabilities you can't afford to ignore. From application layer blind spots to the challenges of implementing complex security tools, we'll break it all down. Onapsis will offer practical solutions tailored for these unique security challenges. By tuning in, you'll walk away with clear strategies to make your business more resilient against emerging digital threats.

Complex SAP landscapes create complex business and security challenges. Moving to a RISE with SAP program has the potential to simplify many aspects of this complexity. However, do you know what your security responsibilities are under RISE with SAP? As part of RISE with SAP, customers benefit from high-caliber, secure cloud infrastructure and various security services managed by SAP. However, it’s important to remember that there are areas of security that are NOT covered by SAP that you will have to manage yourself.

In this Podcast you will hear JP Perez-Etchegoyen, Co-Founder & CTO at Onapsis, take on the state of critical application security, thoughts on modern day SAP attacks and threat actor groups, and a new way of thinking about ERP security to protect what matters most to your organization. In this session, we’ll cover: The power and importance of business applications and why they are a target A look back at an extremely active few years of threats including tactics, techniques, and procedures of threat actors continuing to evolve. Key strategies to maintain compliance and better mitigate risk across your SAP landscape.

It’s no secret that true visibility and understanding of risk to SAP landscapes can be challenging to navigate, especially for utility companies. The good news? There is a path forward whether you are just starting your SAP security journey or looking to optimize your security practices. In this Podcast SAP & Onapsis explore Oklahoma Gas & Electric Company's (OG&E) comprehensive approach to SAP security. They will share their maturity journey and integrated approach to gain true visibility and velocity when it comes to protecting their SAP landscape.

The podcast explores the increasing cybersecurity threats to SAP systems, highlighting that attackers are quick to exploit vulnerabilities, often just days after patches are released. The discussion rounds out with insights on comprehensive vulnerability management, the specific threat of ransomware, and the influence of external factors like new legislation and evolving threats on cyber defense strategies.