Craft CMS Vulnerabilities Exploited in Zero-Day Attacks to Steal Data

Two vulnerabilities affecting Craft CMS have been exploited in a chain during zero-day attacks to compromise servers and steal data, according to CERT Orange Cyberdefense. The exploitations are still ongoing. The specific technical details of the vulnerabilities and the real impacts of the attacks have not been disclosed in the article.