Bleeping Computer

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState ...
CSOonline

Sitecore zero-day configuration flaw under active exploitation

Attackers are leveraging a sample machine key in Sitecore products for initial access before ViewState code injections lead to escalated privileges and lateral movement across the network. A sample ...
TechRadar

Top CMS Sitecore patches critical zero-day flaw being hit by hackers

Sitecore patched a critical zero-day deserialization flaw affecting legacy deployments Threat actors exploited the vulnerability to deploy malware like WeepSteel Mandiant intervened mid-attack, ...
GitHub

CVE-2025-3515 - Contact Form 7 Drag and Drop Multiple File Upload - Unrestricted File Upload

Contact Form 7 Drag and Drop Multiple File Upload plugin for WordPress <= 1.3.8.9 contains an unrestricted file upload vulnerability caused by insufficient file type validation, letting ...
Investopedia

Sustainability: What It Is, How It Works, Benefits, and Example

Dr. JeFreda R. Brown is a financial consultant, Certified Financial Education Instructor, and researcher who has assisted thousands of clients over a more than two-decade career. She is the CEO of ...
GitHub

WordPress Front End Users Plugin <= 3.2.32 is vulnerable to Arbitrary File Upload

The vulnerability exists in the way the Front-End Users plugin handles file uploads through registration forms. There is no proper file extension validation, authentication checks, or file type ...
Investopedia

Oral Contracts: Definitive Guide to Proving and Enforcing Agreements

Clay Halton was a Business Editor at Investopedia and has been working in the finance publishing field for more than five years. He also writes and edits personal finance content, with a focus on ...