China-linked hackers exploited Sitecore zero-day for initial access

A China-linked hacker group, UAT-8837, has been exploiting a Sitecore zero-day vulnerability (CVE-2025-53690) for initial access to North American critical infrastructure. The group, active since at least 2025, focuses on obtaining credentials and network information using various open-source and living-off-the-land tools.