Threat actors have been launching intrusions leveraging a pair of old vulnerabilities impacting the Sitecore CMS and Experience Platform, as well as other security issues affecting the open-source JavaScript framework Next.js and DrayTek devices, according to The Hacker News.
Both Sitecore flaws, tracked as CVE-2019-9874 and CVE-2019-9875, have already been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies ordered to address the bugs by Apr. 16. Abuse of the deserialization issues could result in arbitrary code execution. Attempted exploitation of the critical Next.js flaw which is tracked as CVE-2025-29927 and could result in the evasion of middleware authentication has also been observed by Akamai while GreyNoise researchers reported ongoing exploitation of the critical DrayTek operating system command injection flaw, tracked as CVE-2020-8515, and pair of high-severity DrayTek VigorConnect local file inclusion bugs, tracked as CVE-2021-20123 and CVE-2021-20124. Attacks involving CVE-2020-8515 were mostly directed at Indonesia, Hong Kong, and the U.S., while those with the other flaws were primarily aimed at Lithuania, the U.S., and Singapore, noted GreyNoise.
