#information-disclosure

[ follow ]
#cybercrime #windows-gdi-vulnerabilities #patch-management #sitecore #remote-code-execution
Information security
fromThe Hacker News
2 days ago

ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More

Digital vulnerabilities now translate into real-world harm as scams, rented cyber violence, and compromised apps turn digital weaknesses into physical, economic, and political threats.
fromThe Hacker News
2 months ago

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

CVE-2025-53693 - HTML cache poisoning through unsafe reflections CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization CVE-2025-53694 - Information Disclosure in ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach Patches for the first two shortcomings were released by Sitecore in June and for the third in July 2025, with the company stating that "successful exploitation of the related vulnerabilities might lead to remote code execution and non-authorized access to information."
Information security
[ Load more ]