Monday, 25 May 2026

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

iT4iNT SERVER Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.

According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the VDS VPS Cloud


http://dlvr.it/TSjNz4
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

iT4iNT SERVER A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email cre...