Find notable cyber news and cases, enriched with sources, timelines, and signals.

ACSC CMS remediation guidance

Advisory/Mitigation
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The ACSC issued remediation guidance for CMS operators under active exploitation pressure, telling administrators to install the latest security updates for themes and plugins to reduce webshell deployment risk. The advisory also calls for removing unused components and enabling automatic updates where possible. These steps target exposed sites that can otherwise be used for persistence, credential theft, and deeper network compromise.

Timeline

  1. 11.07.2026 17:18 2 articles · 1h ago

    ACSC advises patching vulnerable CMS plugins amid global webshell campaign

    Mitigation Patch Update

    The Australian Cyber Security Centre (ACSC) warns that a global exploitation campaign is targeting vulnerable CMS platforms and plugins, with many small- to medium-sized Australian businesses already impacted by webshell deployment. The activity is actively scanning websites for opportunities to deploy webshells across WordPress, Craft CMS, MaxSite CMS, MetInfo CMS, and Joomla JCE, and the ACSC recommends applying the latest security updates for CMS software, themes, and plugins, removing unused components, enabling automatic updates where possible, making web directories read-only where possible, monitoring for unauthorized file creation, restricting access to sensitive directories, and blocking unexpected child-process spawning on web servers.

    Show sources