Security News

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

2025-05-28 11:00

A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads,...

#CMS #cryptominer #CVE #exploit #hacker #CVE-2025-32432

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised

2025-04-28 07:13

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed...

#CMS #critical #exploit #hacker #server #CVE-2024-58136

Craft CMS RCE exploit chain used in zero-day attacks to steal data

2025-04-25 19:44

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]

#attack #CMS #exploit #RCE #stealdata #zeroday

CISA flags Craft CMS code injection flaw as exploited in attacks

2025-02-21 15:57

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. [...]

#attack #cisa #CMS

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

2025-02-21 07:26

A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited...

#attack #cisa #CMS #CVE #vulnerability #CVE-2025-23209

U.S. govt agency CMS says data breach impacted 3.1 million people

2024-09-24 18:01

The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed...

#breach #CMS #databreach

Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning

2024-02-26 19:59

Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. Search engine crawlers index the redirects and list them on Google Search results, making them an effective strategy for SEO poisoning campaigns, leveraging a trusted domain to rank malicious URLs higher for specific queries.

#CMS #exploit #hacker #poisoning

WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

2023-01-02 07:50

WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems. "If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Russian security vendor Doctor Web said in a report published last week.

#CMS #linux #malware #security #wordpress

Ghost CMS vulnerable to critical authentication bypass flaw

2022-12-23 08:12

A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. [...]

#authentication #bypass #CMS #critical

Two New Security Flaws Reported in Ghost CMS Blogging Software

2022-12-22 10:09

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654, the authentication bypass vulnerability that allows unprivileged users to make unauthorized modifications to newsletter settings.

#CMS #security #CVE-2022-41654

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News