Skip to content
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.  The flaws, per watchTowr Labs, are listed below – CVE-2025-53693 – HTML cache poisoning through unsafe reflections CVE-2025-53691 – Remote code execution (RCE) through insecure deserializationRead More »Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks

Noteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across multiple phases of malicious attacks. The post In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in AttacksRead More »In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks

VerifTools Fake ID Operation Dismantled by Law Enforcement

Authorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts. The post VerifTools Fake ID Operation Dismantled by Law Enforcement appeared first on SecurityWeek.

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used “compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices throughRead More »Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. “Attackers employed sophisticated infection chains, such as hijacked softwareRead More »Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

TransUnion Data Breach Impacts 4.4 Million

The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations. The post TransUnion Data Breach Impacts 4.4 Million appeared first on SecurityWeek.

Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions

State officials confirm ransomware forced office closures, disrupted services, and led to data theft, as Nevada works with CISA and law enforcement to restore critical systems. The post Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions appeared first on SecurityWeek.

Copyright © 2025 infosecintel.net