Toggle main navigation

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

Published on May 24, 2026

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]

Continue reading on website

Other news

Laravel Lang packages hijacked to deploy credential-stealing malware

May 23, 2026

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. [...]

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign | Westcon-Comstor Tech ConneX