Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Scientists Solve Mystery of Bizarre ‘Alien Megastructure’ Star

    July 11, 2026

    Australia warns of global campaign targeting vulnerable CMS platforms

    July 11, 2026

    Money launderer accused of stealing seized crypto while in prison

    July 11, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Australia warns of global campaign targeting vulnerable CMS platforms
    News

    Australia warns of global campaign targeting vulnerable CMS platforms

    adminBy adminJuly 11, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Australia warns of global campaign targeting vulnerable CMS platforms

    The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins.

    The government agency says that many Australian businesses have already been affected by the malicious activity, with webshells being deployed on their sites.

    Webshells provide persistent access to the compromised sites and allow threat actors to disrupt services, steal credentials, plant additional malware, and move deeper into the network.

    image

    “A large-scale exploitation campaign is targeting various vulnerabilities in content management systems (CMS) globally, including in Australia, with many small- to medium-sized Australian businesses impacted,” the ACSC warns.

    “As part of this campaign, malicious cyber actors are actively scanning websites for opportunities to deploy webshells, leveraging various vulnerabilities affecting CMS software and plugins.”

    According to the agency, the activity leverages flaws in several CMS platforms and plugins, including WordPress, Craft CMS, MaxSite CMS, MetInfo CMS, and Joomla JCE. ACSC lists the following products exploited in the campaign:

    • Simple File List (WordPress) – CVE-2025-34085/CVE-2020-36847
    • WavePlayer (WordPress) – CVE-2025-12057
    • BerqWP (WordPress) – CVE-2025-7443
    • WPBookit (WordPress) – CVE-2025-7852
    • Ninja Forms (WordPress) – CVE-2026-0740
    • ThemeREX Addons (WordPress) – CVE-2026-1969
    • Breeze Cache (WordPress) – CVE-2026-3844
    • pay-uz (WordPress) – CVE-2026-31843
    • ACF Extended (WordPress) – CVE-2025-13486
    • Sneeit Framework – CVE-2025-6389
    • WPvivid Backup (WordPress) – CVE-2026-1357
    • Gravity Forms (WordPress) – CVE-2025-12352
    • GutenKit/Hunk Companion (WordPress) – likely CVE-2024-9234
    • Craft CMS – CVE-2025-32432
    • MaxSite CMS – CVE-2026-3395
    • MetInfo CMS – CVE-2026-29014
    • Joomla JCE – CVE-2026-48907

    The ACSC noted that the campaign might be supported by AI, which typically helps threat actors accelerate attacks and scale the exploitation of emerging flaws.

    Website administrator are recommended to apply the latest security updates for their CMS, themes, and plugins, remove unused components, and enable automatic updates where possible.

    It is also recommended to make web directories read-only when possible, monitor for unauthorized file creation, restrict access to sensitive directories, and block unexpected spawning of child processes on the web server.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleMoney launderer accused of stealing seized crypto while in prison
    Next Article Scientists Solve Mystery of Bizarre ‘Alien Megastructure’ Star
    admin
    • Website

    Related Posts

    News

    Scientists Solve Mystery of Bizarre ‘Alien Megastructure’ Star

    July 11, 2026
    News

    Money launderer accused of stealing seized crypto while in prison

    July 11, 2026
    News

    Hackers exploit critical auth bypass in Gitea Docker image

    July 11, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    Scientists Solve Mystery of Bizarre ‘Alien Megastructure’ Star

    July 11, 2026

    Australia warns of global campaign targeting vulnerable CMS platforms

    July 11, 2026

    Money launderer accused of stealing seized crypto while in prison

    July 11, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.