THE Australian Cyber Security Centre (ACSC) has issued a warning regarding a global campaign targeting vulnerabilities in content management systems (CMS). The campaign, affecting many small and medium-sized businesses in Australia, involves malicious actors exploiting unpatched vulnerabilities to deploy webshells, potentially allowing them to deface websites, steal user credentials, or spread malware.
The ACSC identified the exploitation of CVEs from 2025-2026 across various CMS platforms like WordPress and Joomla. They urged website owners to conduct thorough inspections, patch vulnerabilities, and enhance security measures to mitigate the risk of future attacks.