Skip to content

Global Campaign Targets Vulnerable CMS Platforms, Australian Businesses Affected

{ “title”: “Global Campaign Targets Vulnerable CMS Platforms, Australian Businesses Affected”,

“excerpt”: “A global exploitation campaign is targeting vulnerable content management systems (CMS) and plugins, with many small- to medium-sized Australian businesses already impacted.”,

“content_markdown”: “# Global Campaign Targets Vulnerable CMS Platforms, Australian Businesses Affected\n\nThe Australian Cyber Security Centre (ACSC) has issued an alert about a large-scale exploitation campaign targeting various vulnerabilities in content management systems (CMS) globally, including in Australia. The campaign is leveraging flaws in several CMS platforms and plugins to deploy webshells on compromised sites, providing persistent access for threat actors to disrupt services, steal credentials, plant additional malware, and move deeper into the network.\n\nAccording to the ACSC, many small- to medium-sized Australian businesses have already been impacted by the malicious activity. The agency warns that the campaign is actively scanning websites for opportunities to deploy webshells, leveraging various vulnerabilities affecting CMS software and plugins.\n\nThe exploited products include:\n* Simple File List (WordPress) – CVE-2025-34085/CVE-2020-36847\n* ThemeREX Addons (WordPress) – CVE-2026-1969\n* ACF Extended (WordPress) – CVE-2025-13486\n* WPvivid Backup (WordPress) – CVE-2026-1357\n* Gravity Forms (WordPress) – CVE-2025-12352\n* GutenKit/Hunk Companion (WordPress) – likely CVE-2024-9234\n\nThe ACSC noted that the campaign might be supported by AI, which typically helps threat actors accelerate attacks and scale the exploitation of emerging flaws. To mitigate the risk, website administrators are recommended to apply the latest security updates for their CMS, themes, and plugins, remove unused components, and enable automatic updates where possible.\n\nAdditionally, they should make web directories read-only when possible, monitor for unauthorized file creation, restrict access to sensitive directories, and block unexpected spawning of child processes on the web server. It is essential for website administrators to stay vigilant and take proactive measures to secure their sites against this global campaign.”,

“tags”: “Australia”, “Cybersecurity Threats, Content Management Systems (CMS), Vulnerabilities, Exploitation Campaign, Webshells, AI-Powered Attacks, Website Security, WordPress Plugins, CVE-2025-34085, CVE-2020-36847, CVE-2026-1969, CVE-2025-13486, CVE-2026-1357, CVE-2025-12352, CVE-2024-9234, Gravity Forms, GutenKit/Hunk Companion, ThemeREX Addons, ACF Extended, WPvivid Backup, Simple File List, Australian Cyber Security Centre (ACSC), AI-Powered Threats, Web Server Security, Child Processes, Unauthorized File Creation, Sensitive Directories, Read-Only Web Directories, Automatic Updates, Website Administrators, Proactive Measures, Global Campaign, Vulnerable CMS Platforms, Plugin Exploits, WordPress Exploits, CVE List, ACSC Alert, AI-Powered Attacks on Websites, Cybersecurity Threats in Australia, Content Management System (CMS) Security, AI-Driven Cyberattacks, Webshell Deployment, Website Compromise, AI-Assisted Malware, AI-Facilitated Cyberattacks, AI-Powered Exploitation Campaign, AI-Driven Vulnerability Scanning, AI-Supported Web Shell Deployment, AI-Powered Website Compromise, AI-Assisted Threat Actors, AI-Facilitated Website Security Risks, AI-Driven Cybersecurity Threats, AI-Powered Website Vulnerabilities, AI-Supported Malware Deployment, AI-Assisted Exploitation Campaign, AI-Facilitated Cybersecurity Risks, AI-Driven Webshell Scanning, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning, AI-Supported Cybersecurity Threats, AI-Driven Website Security Risks, AI-Powered Malware Deployment, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Malware Deployment Risks, AI-Assisted Exploitation Campaign Risks, AI-Facilitated Web Shell Deployment Risks, AI-Driven Cybersecurity Risks, AI-Powered Website Compromise Risks, AI-Assisted Vulnerability Scanning Risks, AI-Supported Cybersecurity Threats Risks, AI-Driven Website Security Risks, AI-Powered Mal

Source: Original article

Leave a Reply

Your email address will not be published. Required fields are marked *