A rash of CMS and Joomla flaws is being actively exploited for webshell and file-upload attacks
Australia's Signals Directorate warned that attackers are mounting a broad campaign against content management systems, including WordPress and Joomla, by exploiting known flaws and dropping webshells. CISA also added Joomla extension bugs in iCagenda and Balbooa Forms to its Known Exploited Vulnerabilities catalog after file-upload attacks were observed in the wild. These incidents show that basic web app patching remains a high-value target for opportunistic and automated attackers. The issue is not limited to a single product family; it spans multiple plugins and extensions that many organizations treat as low-risk infrastructure. That matters because webshells often provide long-term persistence and a springboard into the rest of an environment. The campaign is a reminder that patching web-facing software is still one of the fastest ways to reduce real-world exposure.
Sources
- Australia Alerts Organizations to Ongoing CMS Exploitation Attacks — Security Affairs
- U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog — Security Affairs
- Two Joomla Extensions Hit by Zero-Day File Upload Attacks Before Patches Landed — Latest Hacking News
- CISA warns admins to patch actively exploited SharePoint flaws — /r/cybersecurity


Leave a Reply