Global CMS webshell exploitation campaign
Campaign
Summary
Hide ▲
Show ▼
A global CMS exploitation campaign is actively scanning websites for vulnerable software and plugins, creating immediate risk of webshell deployment and broader compromise. The Australian Cyber Security Centre (ACSC) warned on July 9 that many SMBs in Australia are affected even as the operation spans globally. Attackers are exploiting CMS flaws that can enable unauthenticated file upload, remote code execution, SSRF, or deserialization. Successful access could lead to website defacement, credential theft, malware upload, and later movement into connected networks.
Related Happenings
ACSC CMS remediation guidance
Advisory/Mitigation
H score33
First: 11.07.2026 17:18
Last: 11.07.2026 17:18
Sources 1
How related:
The ACSC urged website owners to check their servers for signs of compromise and remediate by:
About this happening:
The **ACSC** issued remediation guidance for **CMS** operators under active exploitation pressure, telling administrators to install the latest security updates for **themes and p...
ACSC CMS remediation guidance
Advisory/MitigationHow related: The ACSC urged website owners to check their servers for signs of compromise and remediate by:
About this happening: The **ACSC** issued remediation guidance for **CMS** operators under active exploitation pressure, telling administrators to install the latest security updates for **themes and p...
ACSC ClickFix mitigation guidance for Vidar Stealer
Advisory/Mitigation
H score34
First: 07.05.2026 21:00
Last: 07.05.2026 21:00
Sources 1
About this happening:
The **ACSC** issued mitigation guidance for an **ongoing ClickFix campaign** that is pushing **Vidar Stealer** through **malicious PowerShell commands**, increasing credential-the...
ACSC ClickFix mitigation guidance for Vidar Stealer
Advisory/MitigationAbout this happening: The **ACSC** issued mitigation guidance for an **ongoing ClickFix campaign** that is pushing **Vidar Stealer** through **malicious PowerShell commands**, increasing credential-the...
Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims
Campaign
H score34
First: 11.03.2026 16:45
Last: 11.03.2026 16:45
Sources 1
About this happening:
A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...
Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims
CampaignAbout this happening: A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...
Timeline
-
13.07.2026 03:00 2 articles · 11h ago
ACSC warns CMS customers of global webshell scanning campaign
Initial DisclosureThe Australian Cyber Security Centre warned CMS customers that malicious cyber actors were actively scanning websites worldwide for vulnerable CMS software and plugins to deploy webshells, with many SMBs in Australia also affected.
Show sources
- Australian Cyber Agency Warns of Global CMS Exploitation Campaign — www.infosecurity-magazine.com — 13.07.2026 11:30
- Australian Cyber Agency Warns of Global CMS Exploitation Campaign — www.infosecurity-magazine.com — 13.07.2026 11:30
-
13.07.2026 03:00 1 articles · 11h ago
ACSC tells CMS owners to isolate compromised servers and patch vulnerable systems
Mitigation Patch UpdateThe Australian Cyber Security Centre urged CMS owners to inspect servers for webshells, examine access logs for suspicious GET or POST requests, isolate compromised systems, audit authentication and network logs, patch vulnerable software and plugins, remove or quarantine webshells, and restore affected websites from known-good backups.
Show sources
- Australian Cyber Agency Warns of Global CMS Exploitation Campaign — www.infosecurity-magazine.com — 13.07.2026 11:30