Security News

Joomla fixes XSS flaws that could expose sites to RCE attacks
2024-02-21 22:55

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and also 4.4.3 of the CMS. Joomla's advisory notes that CVE-2024-21725 is the vulnerability with the highest severity risk and has a high exploitation probability.

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack
2024-01-10 04:50

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...

Joomla Resources Directory Users Exposed in Leaky AWS Bucket
2020-06-03 04:15

An Amazon Web Services cloud storage bucket that was left open to the public internet has exposed thousands of Joomla users' personal information. About 2,700 individuals who signed up to use the Joomla Resources Directory - a community forum for finding developers and service providers specialized in the Joomla content management system - had their information exposed.

Data From Joomla Resources Directory Exposed via Unprotected AWS Bucket
2020-06-01 13:43

An unprotected Amazon Web Services S3 bucket exposed the details of 2,700 users who signed up for the Joomla Resources Directory, Joomla's Incident Response Task Group reported last week. An internal website audit revealed that a third-party company owned by a former leader of the Joomla Resource Directory team - they are still a member of the JRD team - stored full JRD backups in an AWS S3 bucket.

Joomla Resources Directory (JRD) Portal Suffers Data Breach
2020-06-01 04:34

Joomla, one of the most popular open-source content management systems, last week announced a new data breach impacting 2,700 users who have an account with its resources directory website, i.e., resources. The company said the incident came to light during an internal website audit that revealed that a member of the Joomla Resources Directory team stored a full unencrypted backup of the JRD website on an Amazon Web Services S3 bucket owned by the third-party company.

Joomla and WordPress Found Harboring Malicious Redirect Code
2019-05-24 17:48

New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.

RSAC 2019: Joomla! Mail Flaw Exploited to Create Mass Phishing Infrastructure
2019-03-05 14:00

The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.

Thousands of WP, Joomla and SquareSpace sites serving malicious updates
2018-04-13 15:50

Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been...

XSS, SQL Injection Flaws Patched in Joomla
2018-02-07 15:03

One SQL injection and three cross-site scripting (XSS) vulnerabilities have been patched with the release of Joomla 3.8.4 last week. The latest version of the open-source content management system...