China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure

A China-linked APT group, UAT-8837, is exploiting a Sitecore zero-day vulnerability (CVE-2025-53690) to target American critical infrastructure, deploying open-source tools to harvest credentials and sensitive information.