Hackers Exploit Ghost CMS CVE-2026-26980 to Poison 700 Websites With ClickFix Malware

📅 26 May 2026 at 12:24 UTC📰 Cyber Security NewsView original source ↗

A critical SQL injection flaw in Ghost CMS has been weaponized by at least two threat actor groups to silently poison over 700 websites with ClickFix malware, putting unsuspecting visitors at serious risk. The vulnerability, tracked as CVE-2026-26980, was publicly disclosed as early as February 19, 2026. Despite this, many Ghost CMS administrators failed to […] The post Hackers Exploit Ghost CMS CVE-2026-26980 to Poison 700 Websites With ClickFix Malware appeared first on Cyber Security News.

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed