Bleeping Computer

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState ...
Bleeping Computer

Sitecore CMS exploit chain starts with hardcoded 'b' password

A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. Sitecore is a popular ...
Infosecurity-magazine.com

Chained Flaws in Enterprise CMS Provider Sitecore Could Allow Remote Code Execution

Vulnerability research firm WatchTowr has detected seven vulnerabilities in Sitecore, a popular content management system (CMS) provider used by HSBC, United Airlines, P&G and L’Oréal. In its first ...
heise online

Sitecore: Attackers can inject malicious code – without logging in

The CMS Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP), which are available as cloud and on-premises solutions, are affected by a critical vulnerability. Attackers can inject ...