Find notable cyber news and cases, enriched with sources, timelines, and signals.

Global CMS webshell exploitation campaign

Campaign
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

A global CMS exploitation campaign is actively scanning websites for vulnerable software and plugins, creating immediate risk of webshell deployment and broader compromise. The Australian Cyber Security Centre (ACSC) warned on July 9 that many SMBs in Australia are affected even as the operation spans globally. Attackers are exploiting CMS flaws that can enable unauthenticated file upload, remote code execution, SSRF, or deserialization. Successful access could lead to website defacement, credential theft, malware upload, and later movement into connected networks.

Related Happenings

ACSC CMS remediation guidance

Advisory/Mitigation
H score33 First: 11.07.2026 17:18 Last: 11.07.2026 17:18 Sources 1

How related: The ACSC urged website owners to check their servers for signs of compromise and remediate by:

About this happening: The **ACSC** issued remediation guidance for **CMS** operators under active exploitation pressure, telling administrators to install the latest security updates for **themes and p...

ACSC ClickFix mitigation guidance for Vidar Stealer

Advisory/Mitigation
H score34 First: 07.05.2026 21:00 Last: 07.05.2026 21:00 Sources 1

About this happening: The **ACSC** issued mitigation guidance for an **ongoing ClickFix campaign** that is pushing **Vidar Stealer** through **malicious PowerShell commands**, increasing credential-the...

Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims

Campaign
H score34 First: 11.03.2026 16:45 Last: 11.03.2026 16:45 Sources 1

About this happening: A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...

Timeline

  1. 13.07.2026 03:00 2 articles · 11h ago

    ACSC warns CMS customers of global webshell scanning campaign

    Initial Disclosure

    The Australian Cyber Security Centre warned CMS customers that malicious cyber actors were actively scanning websites worldwide for vulnerable CMS software and plugins to deploy webshells, with many SMBs in Australia also affected.

    Show sources
  2. 13.07.2026 03:00 1 articles · 11h ago

    ACSC tells CMS owners to isolate compromised servers and patch vulnerable systems

    Mitigation Patch Update

    The Australian Cyber Security Centre urged CMS owners to inspect servers for webshells, examine access logs for suspicious GET or POST requests, isolate compromised systems, audit authentication and network logs, patch vulnerable software and plugins, remove or quarantine webshells, and restore affected websites from known-good backups.

    Show sources