A critical zero-day vulnerability in Sitecore is being actively exploited. Attackers leverage publicly known ViewState keys to achieve remote code execution in a multi-stage attack: initial probing, deployment of reconnaissance tools, and then lateral movement and credential theft using open-source tools. The vulnerability stems from insecure ViewState deserialization, which results from users failing to generate unique keys.
Latest mentioned: 09-08
Earliest mentioned: 09-04