https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/large-scale-exploitation-campaign-targeting-website-content-management-systems-cms

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has issued its second alert regarding content management system (CMS) vulnerabilities in as many months, warning that a large-scale attack campaign is actively exploiting known security flaws across websites globally. The alert identifies 17 specific vulnerabilities affecting a range of widely used platforms, including several WordPress plugins, Craft CMS, MaxSite CMS, MetInfo CMS, and Joomla’s JCE editor. Many of the affected organisations are small- to medium-sized businesses operating in Australia. The latest advisory follows a May warning from the ACSC about a ClickFix campaign in which compromised WordPress sites belonging to legitimate Australian businesses were used to deliver the Vidar Stealer malware to unsuspecting visitors.

Critically, patches are available for all 17 vulnerabilities listed in the alert, with some fixes having been released many months prior. Among the more notable flaws is CVE-2025-32432, a zero-day vulnerability in Craft CMS that was actively exploited for approximately two months before a patch was made available in April 2025.

The ACSC is urging administrators to actively check their systems for indicators of compromise, including webshells and malicious scripts that could allow attackers to maintain remote access. Where patches cannot be applied immediately, the agency recommends disabling vulnerable components as a stopgap measure. Organisations using managed hosting providers are encouraged to ask their providers directly how they are monitoring for and responding to active exploitation campaigns, reinforcing that shared responsibility for cybersecurity extends across the entire hosting supply chain.

Discover more from Edwin Kwan

Subscribe now to keep reading and get access to the full archive.

Continue reading