CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

CISA added two Sitecore vulnerabilities to its KEV catalog due to active exploitation. Federal agencies are required to patch these vulnerabilities by April 16, 2025. Additionally, Akamai observed exploit attempts against a Next.js vulnerability, and GreyNoise reported active exploitation of vulnerabilities in DrayTek devices.