CISA has added two critical Sitecore CMS vulnerabilities (CVE-2019-9874 and CVE-2019-9875) to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation. They allow remote code execution and affect multiple Sitecore versions. Organizations are urged to apply patches by April 2025 and implement temporary workarounds if they cannot upgrade immediately.
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
North Korean threat actors are using npm (Node Package Manager) ecosystem to publish malicious packages to deliver malware. The campaign aims to infiltrate developer systems,
