Itnews.Au
ACSC Issues Critical Alert on Exploited CMS Vulnerabilities
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The Australian Cyber Security Centre (ACSC) has issued a second alert in two months regarding a large-scale hacking campaign exploiting unpatched vulnerabilities in content management systems (CMS). The campaign targets 17 specific vulnerabilities, affecting websites globally, particularly those of small- to medium-sized businesses in Australia. Notably, CVE-2025-32432, a zero-day vulnerability in Craft CMS, was exploited for two months before a patch was released in April 2025. Other affected systems include various WordPress plugins like GutenKit and Hunk Companion, which were patched in 2024 but continue to see exploitation attempts. The ACSC advises administrators to check for indicators of compromise and apply available security updates immediately. The alert follows a previous warning about the ClickFix campaign, which delivered malware to compromised WordPress sites. The situation has escalated to a critical alert status due to the ongoing exploitation of these vulnerabilities.
Key Points: • ACSC warns of a critical alert on CMS vulnerabilities exploited in a large-scale campaign. • 17 vulnerabilities are targeted, including CVE-2025-32432 affecting Craft CMS. • Administrators are urged to apply patches and check for indicators of compromise.