Industry Category

Online Publishing

Breach intelligence, attack campaigns, and threat reports targeting the Online Publishing sector.

7 threat reports

Online Publishing Threat Reports

Ghost CMS Vulnerability Leads to Massive ClickFix Attack Campaign
Impact: HIGH

In May 2026, threat actors exploited a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS, affecting versions 3.24.0 through 6.19.0. This flaw allowed unauthenticated attackers to read arbitrary data from the database, including admin API keys. Utilizing these keys, attackers injected malicious JavaScript into over 700 websites, including those of Harvard University, Oxford University, and DuckDuckGo. The injected scripts facilitated ClickFix attacks, deceiving visitors into executing harmful commands via fake CAPTCHA verification prompts. ([thehackernews.com](https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html?utm_source=openai)) This incident underscores the urgency of timely patch management, as the vulnerability had been addressed in version 6.19.1 released in February 2026. The widespread exploitation highlights the evolving sophistication of social engineering tactics and the critical need for organizations to maintain up-to-date security measures to protect their digital assets. ([sentinelone.com](https://www.sentinelone.com/vulnerability-database/cve-2026-26980/?utm_source=openai))

1 month ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (medium)
Lateral Movement (medium)
Command & Control (medium)
Exfiltration (medium)
Impact (high)

Critical Vulnerabilities in Avada Builder Plugin Affect Over One Million WordPress Sites
Impact: HIGH

In May 2026, two critical vulnerabilities were discovered in the Avada Builder WordPress plugin, affecting over one million active installations. The first, CVE-2026-4782, is an arbitrary file read vulnerability exploitable by authenticated users with at least subscriber-level access, allowing them to read sensitive files on the server. The second, CVE-2026-4798, is a time-based blind SQL injection vulnerability that can be exploited without authentication, enabling attackers to extract sensitive information from the database, including password hashes. Both vulnerabilities have been patched in version 3.15.3 of the plugin. This incident underscores the importance of timely software updates and the potential risks associated with widely used plugins. Organizations should prioritize patch management and consider implementing additional security measures to protect against similar vulnerabilities in the future.

1 month ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (high)
Lateral Movement (medium)
Command & Control (medium)
Exfiltration (medium)
Impact (high)

Wikipedia's 2026 JavaScript Worm Attack: A Case Study
Impact: NONE

On March 5, 2026, the Wikimedia Foundation experienced a significant security incident when a self-propagating JavaScript worm infiltrated multiple Wikipedia projects. The attack originated from a malicious script on the Russian Wikipedia, which, upon execution, modified global JavaScript files, leading to widespread page vandalism and unauthorized script alterations. In response, Wikimedia engineers temporarily restricted editing capabilities across platforms to investigate and mitigate the breach, successfully removing the malicious code and restoring normal operations. This incident underscores the persistent vulnerabilities in web platforms to self-replicating scripts and the critical need for robust security measures to prevent such attacks. The rapid propagation of the worm highlights the importance of continuous monitoring and prompt response strategies in safeguarding collaborative online environments.

3 months ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (high)
Lateral Movement (high)
Command & Control (medium)
Exfiltration (low)
Impact (high)

Substack's 2025 Data Breach: A Wake-Up Call for Security Monitoring
Impact: MEDIUM

In October 2025, Substack, a prominent newsletter platform, experienced a data breach where an unauthorized third party accessed user data, including email addresses, phone numbers, and internal metadata. The breach was not detected until February 3, 2026, leading to a four-month delay in notification. Importantly, sensitive information such as passwords, credit card numbers, and financial data remained secure. ([techcrunch.com](https://techcrunch.com/2026/02/05/substack-confirms-data-breach-affecting-email-addresses-and-phone-numbers/?utm_source=openai)) This incident underscores the critical need for robust security monitoring and rapid breach detection mechanisms. The prolonged detection period highlights potential vulnerabilities in Substack's security infrastructure, emphasizing the importance of timely incident response to protect user data and maintain trust.

4 months ago

Kill Chain

Initial Compromise (medium)
Privilege Escalation (low)
Lateral Movement (low)
Command & Control (low)
Exfiltration (medium)
Impact (medium)

Critical WordPress Modular DS Plugin Vulnerability Enables Site Takeover
Impact: MEDIUM

In January 2026, a critical security vulnerability (CVE-2026-23550, CVSS 10.0) surfaced in all versions of the WordPress Modular DS plugin prior to 2.5.2. The flaw allowed unauthenticated attackers to escalate privileges and take over administrator accounts by exploiting a combination of weak route authentication and permissive auto-login features, impacting over 40,000 active websites. Active exploitation began on January 13, 2026, with attackers leveraging specifically crafted HTTP GET requests through the exposed "/api/modular-connector/login/" endpoint and originating from known malicious IPs. Compromised sites faced risks of full takeover, data exfiltration, or malware delivery. This incident underscores the growing trend of supply-chain and plugin-based attacks in widely used web platforms, highlighting attackers’ shift to exploiting software design weaknesses over traditional single code bugs. The case serves as a cautionary tale for organizations reliant on third-party integrations and CMS plugins, reinforcing the importance of timely patching and continuous risk assessments.

5 months ago

Kill Chain

Initial Compromise (high)
Privilege Escalation (high)
Lateral Movement (medium)
Command & Control (medium)
Exfiltration (low)
Impact (medium)

Condé Nast 2024 Breach: Hacker Leaks 2.3M WIRED Subscriber Records
Impact: HIGH

In March 2024, a hacker claimed to have breached Condé Nast's systems, exfiltrating and leaking a database containing over 2.3 million subscriber records from WIRED. The attacker published samples of the data on a known cybercrime forum, alleging access to databases belonging to other major Condé Nast brands and threatening to release up to 40 million more records. The exposed data reportedly included names, email addresses, postal codes, company names, and subscription specifics but did not involve payment card information. The breach highlights ongoing risks associated with third-party access, inadequate segmentation, and insufficient detection controls in the media sector. This incident underscores the growing trend of targeting high-profile media companies for large-scale data theft, aligning with broader increases in B2C sector breaches and information theft campaigns. Increased regulatory scrutiny and investor attention on data security make robust segmentation, encrypted transit, and rapid anomaly detection particularly relevant.

5 months ago

Kill Chain

Initial Compromise (low)
Privilege Escalation (low)
Lateral Movement (low)
Command & Control (low)
Exfiltration (medium)
Impact (high)

Europol Busts Massive SIM-Box Cybercrime Network in 2025
Impact: HIGH

In October 2025, Europol led a major operation codenamed 'SIMCARTEL' that dismantled an extensive SIM-box network servicing global cybercriminals. The illicit operation spanned multiple countries, employed 1,200 SIM-box devices and 40,000 SIM cards, and provided fake phone numbers for cybercrimes such as phishing, fraud, impersonation, and extortion. Two key websites, gogetsms.com and apisim.com, were seized. Authorities arrested seven suspects, confiscated servers and luxury assets, and froze significant cryptocurrency and bank funds. Investigators linked the service to at least 3,200 fraud cases and a direct financial loss exceeding €4.5 million, with indications the service was used to create over 49 million fraudulent online accounts. This incident underscores a growing trend in Cybercrime-as-a-Service, where sophisticated tools enable large-scale identity obfuscation and fraud. The takedown reflects mounting law enforcement pressure on criminal infrastructure rentals fueling online financial crime, highlighting urgent regulatory and security challenges for organizations reliant on voice and messaging account verification.

5 months ago

Kill Chain

Initial Compromise (medium)
Privilege Escalation (medium)
Lateral Movement (medium)
Command & Control (medium)
Exfiltration (medium)
Impact (high)