Security News

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and also 4.4.3 of the CMS. Joomla's advisory notes that CVE-2024-21725 is the vulnerability with the highest severity risk and has a high exploitation probability.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...

An Amazon Web Services cloud storage bucket that was left open to the public internet has exposed thousands of Joomla users' personal information. About 2,700 individuals who signed up to use the Joomla Resources Directory - a community forum for finding developers and service providers specialized in the Joomla content management system - had their information exposed.

An unprotected Amazon Web Services S3 bucket exposed the details of 2,700 users who signed up for the Joomla Resources Directory, Joomla's Incident Response Task Group reported last week. An internal website audit revealed that a third-party company owned by a former leader of the Joomla Resource Directory team - they are still a member of the JRD team - stored full JRD backups in an AWS S3 bucket.

Joomla, one of the most popular Open-source content management systems, last week announced a new data breach impacting 2,700 users who have an account with its resources directory website, i.e., resources. The company said the incident came to light during an internal website audit that revealed that a member of the Joomla Resources Directory team stored a full unencrypted backup of the JRD website on an Amazon Web Services S3 bucket owned by the third-party company.

Joomla, one of the most popular Open-source content management systems, last week announced a new data breach impacting 2,700 users who have an account with its resources directory website, i.e., resources. The company said the incident came to light during an internal website audit that revealed that a member of the Joomla Resources Directory team stored a full unencrypted backup of the JRD website on an Amazon Web Services S3 bucket owned by the third-party company.

New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.

The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.

Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates onto visitors. This campaign has been...

One SQL injection and three cross-site scripting (XSS) vulnerabilities have been patched with the release of Joomla 3.8.4 last week. The latest version of the open-source content management system...