SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM manages user access, monitors for anomalies, ensuring security.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
See all partners“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
CyberProof Acquires Interpres Security
By leveraging and integrating the Interpres Security CTEM solution into its security services portfolio, CyberProof is able to continuously identify, assess, and prioritize risk while adapting defense services, like MDR, Vulnerability management and Use case management to address ever evolving threats. Take proactive steps to fortify your security today!
Threat Alerts
SAP NetWeaver Sees Second Phase of Targeted Exploitation
A second wave of cyberattacks is actively targeting CVE-2025-31324 (CVSS 9.8), a critical vulnerability in SAP NetWeaver Visual Composer. Recent activity indicates a marked escalation, with threat actors leveraging previously planted webshells to maintain persistent access. Hundreds of confirmed compromises have been reported globally across various sectors. The activity is more advanced than previously assessed, involving SAP-specific expertise and the use of living-off-the-land techniques to avoid detection. The campaign has been attributed to a threat cluster referred to as “Chaya_004”, which is using infrastructure that impersonates Cloudflare certificates and spans over 787 IPs, primarily hosted by Chinese cloud providers. The scale and sophistication of this operation indicate a strategic effort to target business-critical SAP environments across multiple industries.
Affiliates and tactics of LockBit revealed in latest breach
On May 8, 2025, the LockBit ransomware group suffered a major breach, with attackers compromising its dark web admin and affiliate panels. The incident exposed nearly 60,000 Bitcoin addresses, malware samples, and thousands of negotiation messages with victims. User credentials for 75 affiliates and administrators were also leaked, along with custom ransomware variants linked to targeted companies. While LockBit confirmed the breach, they claimed no private keys or source code were exposed. The identity of the perpetrators remains unknown, though a similar message left on LockBit’s site was also observed in a recent breach of the Everest ransomware gang’s leak site—suggesting a possible link between the two incidents. Following Operation Cronos in 2024, this marks the second major disruption to LockBit, further damaging its credibility.