News

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance ...

Top CMS Sitecore patches critical zero-day flaw being hit by hackers

The zero-day is described as a critical deserialization vulnerability affecting Sitecore Experience Manager (XM), Sitecore ...

Attackers snooping around Sitecore, dropping malware via public sample keys

ViewState is an ASP.NET feature to preserve webpage and control values between postbacks, and a ViewState deserialization ...
CSO Online

Sitecore zero-day configuration flaw under active exploitation

Attackers are leveraging a sample machine key in Sitecore products for initial access before ViewState code injections lead ...