ASD issues critical alert on CMS exploitation campaign

By Joshua Gliddon on Jul 10, 2026 12:53PM
ASD issues critical alert on CMS exploitation campaign

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has issued a critical alert has issued an alert warning of a large-scale exploitation campaign targeting content management systems (CMS).

The campaign is targeting various vulnerabilities in CMS' globally, including in Australia, with many small to medium sized Australian businesses impacted. 

As part of this campaign, malicious cyber actors are actively scanning websites for opportunities to deploy webshells, leveraging various vulnerabilities affecting CMS software and plugins. These vulnerabilities primarily allow unauthenticated file upload, remote code execution, server-side request forgery or deserialisation.

Malicious cyber actors may leverage compromised web servers for several purposes, including website defacement or disruption; capturing credentials entered by website users or other data stored on web servers; uploading additional malware to target and scam legitimate website users; and using web server access as a pathway for broader network compromise.

The ASD has provided a list of software, plugins and CVEs being exploited on the alert page, as well as immediate mitigation advice and additional steps to protect websites.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © nextmedia Pty Ltd. All rights reserved.

Add techpartner.news as your trusted source

Tags:

Log in

Email:
Password:
  |  Forgot your password?