fromDataBreaches.Net
1 day agoCISA orders federal agencies to patch Sitecore zero-day following hacking reports - DataBreaches.Net
Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug. Sitecore published a bulletin on Wednesday about CVE-2025-53690, which affects several of the company's products. A key issue with the bug is the use of a sample machine key that was included in Sitecore deployment guides from 2017 and earlier. Many customers simply used the sample machine key and never rotated it to something new.
Information security