- Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Executionby info@thehackernews.com (The Hacker News) on 29/08/2025 at 17:22
Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. The flaws, per watchTowr Labs, are listed below - CVE-2025-53693 - HTML cache poisoning through unsafe reflections CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization CVE-2025-53694 -
- Webinar: Learn How to Unite Dev, Sec, and Ops Teams With One Shared Playbookby info@thehackernews.com (The Hacker News) on 29/08/2025 at 15:42
Picture this: Your team rolls out some new code, thinking everything's fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary, right? In 2025, the average data breach hits businesses with a whopping $4.44 million bill globally. And guess what? A big
- Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authenticationby info@thehackernews.com (The Hacker News) on 29/08/2025 at 13:22
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used "compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft's device code
- Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaignby info@thehackernews.com (The Hacker News) on 29/08/2025 at 13:12
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. "Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or login
- Can Your Security Stack See ChatGPT? Why Network Visibility Mattersby info@thehackernews.com (The Hacker News) on 29/08/2025 at 10:30
Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention for generative AI challenges. Sensitive information may be shared through chat prompts, files uploaded for AI-driven summarization, or browser plugins that bypass familiar security controls.