Skip to main content

Tag: ghost cms

2 articles

Laptop screen displays a blurred CMS interface with a cityscape background.

Ghost CMS Flaw Exploited to Hijack Over 700 Sites in ClickFix Attacks

Over 700 websites were hijacked in a massive campaign that exploited a critical Ghost CMS vulnerability, turning legitimate pages into gateways for Windows malware. This alarming attack was made possible by CVE-2026-26980, an SQL injection flaw with a near-perfect CVSS score of 9.4.

Analyst 207
Laptop screen displays website homepage amidst papers and coffee cups in a busy workspace.

Ghost CMS SQL flaw fuels large-scale ClickFix attacks

Over 700 domains were hit in a massive cyberattack that exploited a critical vulnerability in Ghost CMS, putting sensitive data at risk. The flaw, tracked as CVE-2026-26980, allowed hackers to tap into site databases and steal admin API keys.

Analyst 207