← All stories
● Covered by 1 source · 1 reportHigh impact

Australia warns of global CMS-targeting campaign exploiting vulnerabilities

Aggregated by BrevFeed security · updated 2h ago
🔖 Save

The Australian Cyber Security Centre alerted about a global exploitation campaign affecting vulnerable CMS platforms, including WordPress and Joomla. Affected sites have had webshells deployed, allowing attackers persistent access to steal data and compromise services, highlighting the urgent need for security updates.

Key points

Alert Issued by ACSC

The Australian Cyber Security Centre (ACSC) has issued a warning regarding a global exploitation campaign targeting content management systems (CMS) and their plugins. The agency has noted that numerous Australian businesses have experienced impacts from this malicious activity, primarily involving the deployment of webshells.

Nature of the Exploitation

The campaign exploits various vulnerabilities in CMS platforms including WordPress, Craft CMS, and Joomla. Webshells allow attackers to gain persistent access, enabling them to disrupt services, steal credentials, and propagate further malware. This represents a significant threat, particularly to small- to medium-sized businesses lacking robust cybersecurity measures.

Vulnerabilities Being Exploited

Specific vulnerabilities mentioned include issues in WordPress plugins such as Simple File List, Gravity Forms, and Ninja Forms, among others. The ACSC has cataloged these vulnerabilities under CVE identifiers to assist in tracking and remediating the issues.

AI Tools in Cyber Attacks

The ACSC suggests that AI may be supportive in this campaign, allowing attackers to automate and enhance their strategies for exploiting new vulnerabilities. This factor raises concerns about the evolving capabilities of threat actors.

Recommendations for Website Administrators

The ACSC has recommended several actions for website administrators, including applying security updates for all CMS software, themes, and plugins. Additionally, they advise making web directories read-only, monitoring for unauthorized file changes, and restricting access to sensitive directories to enhance security against such attacks.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors — check the original sources. How BrevFeed works →

Primary sources

CVE CVE-2025-34085 CVE CVE-2020-368479.8 CRITICAL CVE CVE-2025-120579.8 CRITICAL CVE CVE-2025-74438.1 HIGH CVE CVE-2025-78529.8 CRITICAL CVE CVE-2026-07409.8 CRITICAL

Reporting from

The Australian Cyber Security Centre alerted about a global exploitation campaign affecting vulnerable CMS platforms, including WordPress and Joomla. Affected sites have had webshells deployed, allowing attackers persistent access to steal data and compromise services, highlighting the urgent need for security updates.