Bleeping Computer

CISA flags Craft CMS code injection flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...
TechRadar

Craft CMS zero-day exploited to compromise hundreds of vulnerable servers

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Researchers discovered two critical-severity zero-days in Craft CMS Criminals are allegedly ...
Bleeping Computer

Latest Craft CMS news

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. The U.S.