Sitecore – Experimental News Clipping Site

The Register: Attackers snooping around Sitecore, dropping malware via public sample keys

Sep 4, 2025

—

by

Source URL: https://www.theregister.com/2025/09/04/unknown_miscreants_snooping_around_sitecore/ Source: The Register Title: Attackers snooping around Sitecore, dropping malware via public sample keys Feedly Summary: You cut and pasted the machine key from the official documentation? Ouch Unknown miscreants are exploiting a configuration vulnerability in multiple Sitecore products to achieve remote code execution via a publicly exposed key and deploy snooping…

Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Sep 3, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/viewstate-deserialization-zero-day-vulnerability/ Source: Cloud Blog Title: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) Feedly Summary: Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging sample machine keys that had been exposed in…

The Register: Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor

Jun 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/06/17/sitecore_rce_vulnerabilities/ Source: The Register Title: Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor Feedly Summary: Hardcoded passwords and path traversals keeping bug hunters in work Security researchers have issued a warning about a pre-authentication exploit chain affecting a CMS used by some of the biggest companies in the world.… AI Summary and…

Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

Mar 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/26/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability These types of vulnerabilities…

Tag: Sitecore

The Register: Attackers snooping around Sitecore, dropping malware via public sample keys

Cloud Blog: ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

The Register: Sitecore CMS flaw let attackers brute-force ‘b’ for backdoor

Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog