Makes full sense :
securitybridge.com/press/securi...

SAP hotfixes and patch cycles are accelerating—but without SAP-aware detection, SOC teams drown in noise.
Governance checks are nice. Threat detection is vital.
Without DLP and adaptive alerts, you’re flying blind. #SAP #DLP #Cybersecurity

CERTFR-2025-AVI-0564: Multiples vulnérabilités dans les produits SAP
https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0564/

SAP’s cloud strategy isn’t about software delivery — it’s shifting responsibility. Customers often assume SAP secures everything, but that’s not the case. When incidents happen, insurers and regulators expect YOU to have done your part.
Awareness is key.
#SAPCloud #Security #SharedResponsibility

Subject fields of a certificate (CN, O, OU, etc.) must always be accurate — even for self-signed ones.
These are not cosmetic. They define identity and trust boundaries.
An invalid DN is technical debt at best, a trap at worst.
No, “internal use” doesn’t justify nonsense in cert fields.

A self-signed certificate gives you no identity, no trust, no revocation.

It’s not a security measure. It’s a placeholder — and a bad one.

Any shared system needs a real CA, internal or external. Period.

#PKI #X509 #enterpriseSecurity

⚠️Alerte CERT-FR⚠️

La vulnérabilité CVE-2025-31324 permet l'exécution de code arbitraire à distance pour un attaquant non authentifié dans SAP NetWeaver (Visual Composer development server). Le CERT-FR a connaissance de plusieurs compromissions.
www.cert.ssi.gouv.fr/alerte/CERTF...

Beyond noise, a perfectly balanced view :
securitybridge.com/blog/cve-202...