Global CMS Vulnerability Exploitation Campaign Uncovered by ACSC
PremiumACSC warns a global campaign is exploiting CMS vulnerabilities to deploy webshells and persist on small to mid-size websites.

Loading
§The archiveMon · Wed · FriM · W · F
Every dispatch we've sent. AI-curated, human-reviewed, from 50+ cybersecurity sources.
Follow on LinkedInACSC warns a global campaign is exploiting CMS vulnerabilities to deploy webshells and persist on small to mid-size websites.
State-owned Latvijas Valsts Mezi (LVM) remains recovering weeks after a financially-motivated cyberattack corrupted systems.
GigaWiper backdoor combines disk-wiping, overwriting, and fake ransomware behaviors to deliver destructive Windows intrusions.
Vulnerabilities in cloud-connected baby monitors and cameras exposed nearly one million devices and private video data.
AssuranceAmerica breach exposed nearly 6.9 million drivers' records after attackers accessed internal systems earlier this year.
KDDI data breach exploited a third-party zero-day, affecting roughly 12 million users' email accounts for ISPs.
Sygnia analysis shows agentic AI compressed cloud intrusion timelines to 72 hours, emphasizing speed and orchestration risk.
Researchers detail GodDamn ransomware's use of a signed PoisonX kernel driver to disable security tools and evade detection.
Microsoft released fixes for the RoguePlanet Defender zero-day (CVE-2026-50656), addressing privilege escalation in the Malware Protection Engine.
BeyondTrust disclosed two critical vulnerabilities in Remote Support and Privileged Remote Access that could bypass authentication.
WriteOut session isolation bug in Writer AI could leak session tokens across tenants enabling full account takeover.
Get these articles delivered to your inbox.
Subscribe free