Latest Tech News

Stay updated with the latest in technology, AI, cybersecurity, and more

Filtered by: sitecore Clear Filter

Hackers exploited Sitecore zero-day flaw to deploy backdoors

bleepingcomputer.com Unknown 2025-10-15 19:51:42

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides. Some customers reused this key in production, allowing attackers with knowledge of the key to craft valid, but malicious '_VIEWSTATE' payloads that tricked the server into deserializing and exe

Topics: asp key machine mandiant sitecore
Read More
Shop Amazon

Sitecore CMS exploit chain starts with hardcoded 'b' password

bleepingcomputer.com Unknown 2026-03-15 05:10:35

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. Sitecore is a popular enterprise CMS used by businesses to create and manage content across websites and digital media. Discovered by watchTowr researchers, the pre-auth RCE chain disclosed today consists of three distinct vulnerabilities. It hinges on the presence of an internal user (sitecore\ServicesAPI) with a hardcoded pa

Topics: attacker path sitecore upload watchtowr
Read More
Shop Amazon
Trending Topics
Hot Now
ai 3666 apple 3044 new 2418 google 2036 content 1735
Popular
like 1506 company 1433 pro 1339 iphone 1180 app 1133 zdnet 1116 said 1070 data 1054 does 910 reviews 895
Emerging
editorial 874 amazon 862 game 811 samsung 780 phone 768 pixel 761 android 743 just 724 users 689 available 686
About GoKawiil

GoKawiil is a project by nerdhub.co that curates technology news from trusted sources. We built this site to provide a cleaner, more mobile-friendly experience without intrusive ads or heavy JavaScript.

Privacy

Your privacy matters. GoKawiil doesn't use Google Analytics or Facebook Pixel. The only tracking occurs through affiliate links to Amazon.

Advertising

Interested in advertising? Contact us at [email protected]