Security News

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
2025-04-28 07:13

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed...

Craft CMS RCE exploit chain used in zero-day attacks to steal data
2025-04-25 19:44

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]

CISA flags Craft CMS code injection flaw as exploited in attacks
2025-02-21 15:57

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. [...]

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
2025-02-21 07:26

A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited...

U.S. govt agency CMS says data breach impacted 3.1 million people
2024-09-24 18:01

The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed...

Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning
2024-02-26 19:59

Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. Search engine crawlers index the redirects and list them on Google Search results, making them an effective strategy for SEO poisoning campaigns, leveraging a trusted domain to rank malicious URLs higher for specific queries.

WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws
2023-01-02 07:50

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.

Ghost CMS vulnerable to critical authentication bypass flaw
2022-12-23 08:12

A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. [...]

Two New Security Flaws Reported in Ghost CMS Blogging Software
2022-12-22 10:09

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654, the authentication bypass vulnerability that allows unprivileged users to make unauthorized modifications to newsletter settings.

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
2022-05-31 12:24

A rapidly evolving IoT malware dubbed "EnemyBot" is targeting content management systems, web servers and Android devices. The Alien lab research team study found four main sections of the malware.