On 22 June 2026, the heads of the Five Eyes cyber security agencies warned that AI is collapsing the time between a vulnerability going public and its exploitation. On 9 July, the Australian Signals Directorate confirmed a large-scale campaign doing exactly that — against the websites Australian organisations have forgotten they own.
The ASD rates its 9 July alert critical. A global campaign is scanning websites at scale and exploiting known vulnerabilities in content management systems and their plugins to plant webshells — persistent remote access to the underlying web server. Many of the organisations already compromised are small and medium Australian businesses.
None of the vulnerabilities is novel. Every one is public. Every one has a patch available. That is the entire point.
The exposed asset is the one nobody owns
The instinct is to picture the corporate website the IT team maintains and monitors. That is rarely the asset at risk. The surface being scanned is the estate nobody owns: the campaign microsite from two years ago, the acquired subsidiary’s WordPress install, the public staging environment, the event page that was spun up and never decommissioned.
These run outdated software because no one is accountable for patching them. And no one is patching them because no one has them on the asset register. The vulnerability is not really in the plugin. It is in the fact that the organisation has lost track of what it has exposed to the internet.
Visible from the outside — to us, and to the attacker
None of this requires insider access to see. A passive external assessment — nothing beyond what any ordinary visitor’s browser sends — can fingerprint the CMS, identify plugin versions, and map them against known vulnerabilities. The campaign in the ASD’s alert is doing precisely this, automatically, across the internet.
What a passive external view establishes
- Which CMS platforms and plugin versions you run, inferred from public signals — including instances your own team may have forgotten.
- Which of your sites, login pages and interfaces are reachable from the internet, and where that footprint is larger than assumed.
- Where a public-facing site maps to a vulnerability that is already being exploited in the wild right now.
- How your subsidiaries, acquisitions and suppliers look from the outside — the exposure that quietly becomes yours.
The asymmetry is not technical capability. It is awareness. The attacker can enumerate your external CMS footprint. Most organisations cannot enumerate their own. That is the same structural blind spot we have written about before — why Australia keeps suffering the same breach, year after year, and what a GRC platform simply cannot see.
The ASD drew the line to AI itself
The 9 July alert does not present this campaign as an isolated event. It ties it directly back to the Five Eyes joint statement of 22 June (full text, PDF), which warned that AI is shortening the window between disclosure and exploitation, and that cyber risk is now a board responsibility rather than a purely technical one. The agencies told leaders to reduce their attack surface and accelerate patching. The Five Eyes timeline for the threat was “months, not years.” The gap between that warning and its documented realisation was seventeen days.
This is a pattern, not an incident
This is the ASD’s second CMS alert in two months. It follows a May advisory on compromised Australian WordPress sites being used to deliver infostealer malware to their own visitors. The specific plugins change; the shape does not. Public-facing CMS software, unowned and unpatched, is being found and used faster than the organisations running it can react — and some of the vulnerabilities in this campaign have had patches available for many months.
What it means under Australian obligations
For regulated organisations, none of this is abstract.
- CPS 234 requires a classified inventory of information assets. A forgotten public website is an unclassified, unmanaged asset — a control gap by definition, before a single vulnerability is even considered.
- The Essential Eight maturity for patching applications cannot be evidenced for software the organisation does not know is running. You cannot report a control you cannot see.
- The Privacy Act notification obligations engage where a compromised site captures user credentials or personal data — which the ASD notes these webshells are used to do.
The gap is upstream of patching
The controls here are not exotic. Know what you have exposed. Patch it. The failure sits one step before patching: not knowing the asset exists in the first place. That is the gap this campaign is built to find — and it is the gap we assess for, before someone else does.
BlackFlag Advisory delivers passive external exposure assessments mapped to Australian regulatory obligations, in board-ready form. If you cannot name every CMS instance your organisation has facing the internet, that is where to begin — and the honest place to start is finding out what an attacker already sees.
Sources & further reading
- ASD’s ACSC — Large-scale exploitation campaign targeting website content management systems (CMS), 9 July 2026.
- Five Eyes cyber security agencies statement, Cyber.gov.au and NCSC (full statement, PDF), 22 June 2026.
- iTnews — Second alert from ACSC in two months shows unpatched CMS bugs still exploited, July 2026.