Researchers discovered two critical-severity zero-days in Craft CMS Criminals are allegedly chaining them together to gain ...

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.

Threat actors exploited Craft CMS zero-days CVE-2025-32432 and CVE-2024-58136, compromising 300 of 13,000 vulnerable servers.

One of the features of a comprehensive content management system (CMS) versus a basic Web authoring program is its ability to update the entire site when global changes are made, eliminating the ...

Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.