tryghost News Articles

Recent news articles refferecing the vendors vulnerabilities.

favicon imageWebpronews

Ghost CMS Breach Exposes 700 Sites to ClickFix Malware via Unpatched SQL Flaw

Over 700 Ghost CMS sites, including those from Harvard, Oxford and DuckDuckGo, were compromised via CVE-2026-26980. Attackers stole admin API keys and injected JavaScript loaders that trigger ClickFix social engineering prompts tricking users into running malware. The flaw was patched in February bu...

1 month ago

favicon imageThe Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

favicon imageBleepingComputer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

No more news articles to load.