Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.

Researchers have found sneaky encoded malware targeting WordPress and Joomla sites that pretends to be ionCube files.

Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.

Joomla fixed two critical issues in the content management system and is strongly encouraging users to update their sites immediately.

Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center. “The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting...

Attacks are accelerating against a now-patched Joomla zero-day vulnerability, putting pressure on site administrators to update quickly. The patch was published on Monday, but not before attacks were spotted in the wild and carried out for at least two days, said researchers at security company Sucuri. The zero-day vulnerability affects all Joomla versions from 1.5 to...