Bleeping Computer

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...
heise online

Cyberattacks on Palo Alto PAN-OS and Craft CMS underway

The US IT security authority CISA warns of attacks on security vulnerabilities in Craft CMS and in Palo Alto Network's firewall operating system PAN-OS. Updates are available for the attacked ...
TechRadar

US government warns this popular CMS software has a worrying security flaw

CISA adds Craft CMS bug to its KEV catalog The bug was found in Craft CMS versions 4 and 5 It allows for remote code execution The US Government's Cybersecurity and Infrastructure Security Agency ...
Bleeping Computer

Craft CMS RCE exploit chain used in zero-day attacks to steal data

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The ...
TechRadar

Craft CMS zero-day exploited to compromise hundreds of vulnerable servers

Researchers discovered two critical-severity zero-days in Craft CMS Criminals are allegedly chaining them together to gain access Some 300 sites already fell victim Cybercriminals are abusing two zero ...