Security News > 2025 > April > Craft CMS RCE exploit chain used in zero-day attacks to steal data

Craft CMS RCE exploit chain used in zero-day attacks to steal data

2025-04-25 19:44

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]

News URL

https://www.bleepingcomputer.com/news/security/craft-cms-rce-exploit-chain-used-in-zero-day-attacks-to-steal-data/

#attack #CMS #exploit #RCE #stealdata #zeroday

Related news

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
Broadcom fixes three VMware zero-days exploited in attacks (source)
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
Critical PHP RCE vulnerability mass exploited in new attacks (source)
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.