Ghost CMS flaw hijacked to target hundreds of websites with ClickFix attacks: here's how to stay safe
Date:
Tue, 26 May 2026 13:05:00 +0000
Description:
A critical-level flaw in a popular CMS, patched months ago, is now being abused.
FULL STORY ======================================================================

- Researchers warn CVE-2026-26980, a critical SQL injection flaw in Ghost CMS (score 9.4), is being exploited in a large ClickFix campaign
- Over 700 domains, including Harvard, Oxford, DuckDuckGo, and major AI/SaaS firms, were compromised to deliver malware via DLL loaders, JS droppers, and Electron-based payloads
- Admins should urgently upgrade to Ghost 6.19.1 or later and monitor 30-day admin API logs to detect potential compromise

A critical-severity vulnerability that reportedly was patched three months ago is being exploited in a massive ClickFix campaign, researchers have claimed.
In mid-February 2026, a critical SQL injection vulnerability was found in Ghost CMS, a popular open-source Content Management System (CMS) currently used by more than 57,000 websites, including the likes of 404 Media, the Canadian government, and Duolingo. The flaw, tracked as CVE-2026-26980 and affecting Ghost 3.24.0 through 6.19.0, was assigned a severity score of 9.4/10 (critical), as it potentially allows unauthenticated attackers to perform arbitrary reads from the database, which grants management access to users, articles, themes, as well as article pages.

Deploying various malware

However, many users most likely did not patch, as Chinese cybersecurity firm Qianxin claims more than 700 domains were compromised to serve ClickFix attack flows.
Among them are Harvard University, Oxford University, Auburn University, DuckDuckGo, and many AI/SaaS company sites, media outlets, fintech firms, and others.
ClickFix is a type of scam in which attackers tell the victims they have a problem (which they don't) and then provide the solution (which it really isn't). The solution, however, just deploys a piece of malware, and depending on the attackers and the targets, it can vary from classic backdoors to ransomware encryptors.
In this campaign, the researchers saw DLL loaders, JavaScript droppers, and a generic Electron-based malware being distributed.
The best way to mitigate the threat is to simply upgrade the Ghost CMS either to version 6.19.1, or whatever the latest version is at the moment. Website owners are also advised to keep a 30-day record of admin API call logs, just to keep track of potential compromise.
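Turning the two pieces of advice above into something a site owner can actually run, as an added example that is not from the article, from Qianxin or BleepingComputer, or from the Ghost project: a check of whether an installed Ghost version falls inside the affected range stated above (3.24.0 through 6.19.0, fixed in 6.19.1), and a 30-day filter over a reverse-proxy access log that keeps only admin API calls and counts them per client so an unfamiliar client stands out for review. It assumes nginx's default "combined" log format in front of Ghost and the /ghost/api/admin/ path prefix; the log lines are constructed.

```python
"""Added example (not from the article, BleepingComputer, Qianxin or the Ghost project):
the two mitigation steps in the paragraph above turned into checks a site owner can run.

Assumptions (mine, not the article's): Ghost sits behind nginx writing the default
'combined' access log format, and admin API calls are served under /ghost/api/admin/.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Affected range from the article: 3.24.0 through 6.19.0; 6.19.1 is the first fixed release.
AFFECTED_MIN = (3, 24, 0)
FIXED = (6, 19, 1)

ADMIN_PREFIX = "/ghost/api/admin/"  # assumed admin API path prefix

# nginx 'combined' format: ip - user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def parse_version(version: str) -> tuple:
    """'v6.19.0-rc.1' -> (6, 19, 0); missing components are treated as 0."""
    core = version.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".") if p]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the installed Ghost version lies inside 3.24.0 .. 6.19.0 (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def admin_api_calls(lines, now, window_days=30):
    """Return the admin API requests within the last `window_days` before `now`.

    Lines that do not parse, are older than the window, or hit public
    (non-admin) paths are dropped; everything else is kept as a dict.
    """
    cutoff = now - timedelta(days=window_days)
    kept = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than crash
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ts < cutoff or not m["path"].startswith(ADMIN_PREFIX):
            continue
        kept.append({
            "ts": ts, "ip": m["ip"], "method": m["method"],
            "path": m["path"], "status": int(m["status"]), "ua": m["ua"],
        })
    return kept


def summarize(calls):
    """Count admin API calls per (client IP, user agent) so unfamiliar clients stand out."""
    return Counter((c["ip"], c["ua"]) for c in calls)


# Constructed sample log: one stale line, one public page hit, one junk line,
# and three admin API calls inside the window (two from an unfamiliar scripted client).
SAMPLE_LOG = [
    '198.51.100.20 - - [01/Apr/2026:09:12:01 +0000] "GET /ghost/api/admin/posts/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [20/May/2026:09:12:01 +0000] "GET /ghost/api/admin/posts/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/May/2026:03:44:10 +0000] "GET /ghost/api/admin/users/?limit=all HTTP/1.1" 200 1534 "-" "python-requests/2.31"',
    '203.0.113.5 - - [21/May/2026:03:44:12 +0000] "PUT /ghost/api/admin/settings/ HTTP/1.1" 200 402 "-" "python-requests/2.31"',
    '192.0.2.77 - - [22/May/2026:11:00:00 +0000] "GET /about/ HTTP/1.1" 200 5320 "-" "Mozilla/5.0"',
    'this line is not an access-log entry',
]
NOW = datetime(2026, 5, 26, 13, 5, tzinfo=timezone.utc)  # the article's publication time

if __name__ == "__main__":
    for v in ("3.23.9", "3.24.0", "6.19.0", "6.19.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    for (ip, ua), n in summarize(admin_api_calls(SAMPLE_LOG, NOW)).most_common():
        print(f"{n:3d} admin API calls from {ip} ({ua})")
```

The per-client summary is deliberately dumb: it does not decide what is malicious, it only makes the question "who has been calling the admin API in the last 30 days, and do I recognise them?" answerable from the log the article tells you to keep. Run it against the real access log by replacing SAMPLE_LOG with the file's lines and NOW with the current time.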
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/ghost-cms-flaw-hijacked-to-target-hundreds-of-websites-with-clickfix-attacks-heres-how-to-stay-safe
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)