Warning: Global Campaign Targets Vulnerable Content Management Systems (CMS) to Deploy Web Shells and Compromise Systems

Views: 47 views

382/69 Tuesday, July 14, 2026

The Australian Cyber Security Centre (ACSC) has issued an advisory warning of a global cyberattack campaign targeting vulnerabilities in content management systems (CMS) and various plugins. Several organizations and businesses have already been affected by this campaign. This threat is significant and should be closely monitored, as attackers are focusing on deploying malicious web shells on target websites to create backdoors or covert access channels for persistent system access and control.

In this campaign, threat actors continuously scan websites to identify vulnerabilities in CMS software and plugins that have not been updated with security patches. The campaign targets various platforms, including Craft CMS, MaxSite CMS, MetInfo CMS, Joomla JCE, and popular systems such as WordPress. Attacks against WordPress have been observed through multiple plugins, including Simple File List, WavePlayer, Ninja Forms, Gravity Forms, and others. Once attackers successfully compromise a system, they use web shells as tools to disrupt services, steal credentials, install additional malware, and expand the attack deeper into an organization’s computer network. In addition, ACSC has assessed that this campaign may involve the use of AI to support and accelerate the process of scanning for new vulnerabilities and expanding the scale of exploitation more efficiently.

To reduce risk and protect systems from this threat, website administrators should promptly review and update CMS platforms, themes, and all plugins to the latest versions. They should also uninstall unused components and enable automatic updates where possible. For defense-in-depth security, administrators are advised to configure certain web directories as read-only where feasible, restrict access to critical folders, monitor for unauthorized file creation, and closely block or monitor abnormal child process creation on web servers.

Source: https://www.bleepingcomputer.com/news/security/australia-warns-of-global-campaign-targeting-vulnerable-cms-platforms/