Threat actors have been launching intrusions leveraging a pair of old vulnerabilities impacting the Sitecore CMS and Experience Platform, as well as other security issues affecting the open-source JavaScript framework Next.js and DrayTek devices, according to The Hacker News.
Both Sitecore flaws, tracked as CVE-2019-9874 and CVE-2019-9875, have already been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies ordered to address the bugs by Apr. 16. Abuse of the deserialization issues could result in arbitrary code execution. Akamai has also observed attempted exploitation of the critical Next.js flaw, tracked as CVE-2025-29927, which could result in the evasion of middleware authentication, while GreyNoise researchers reported ongoing exploitation of the critical DrayTek operating system command injection flaw, tracked as CVE-2020-8515, and a pair of high-severity DrayTek VigorConnect local file inclusion bugs, tracked as CVE-2021-20123 and CVE-2021-20124. Attacks involving CVE-2020-8515 were mostly directed at Indonesia, Hong Kong, and the U.S., while those involving the other flaws were primarily aimed at Lithuania, the U.S., and Singapore, noted GreyNoise.
Ongoing intrusions leveraging a critical Qualitia flaw in Active! mail 6 and a pair of high-severity bugs in the Commvault webserver and Broadcom Brocade Fabric OS have been reported by the Cybersecurity and Infrastructure Security Agency, which urged the remediation of the issues by May 17 following their inclusion in its Known Exploited Vulnerabilities catalog, according to SecurityWeek.
More secure software development practices have prompted a decline in actively exploited zero-day vulnerabilities between 2023 and 2024, Cybersecurity Dive reports.