Hackers Exploit Ghost CMS CVE-2026-26980 to Poison 700 Websites With ClickFix Malware
This story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.7 Articles
7 Articles
Ghost CMS Breach Exposes 700 Sites to ClickFix Malware via Unpatched SQL Flaw
Threat actors have seized control of more than 700 websites powered by Ghost CMS. They did so by exploiting a critical SQL injection vulnerability patched months earlier. The attacks inject malicious JavaScript that feeds visitors into ClickFix social engineering schemes. These schemes trick users on Windows machines into pasting commands that download and run malware. The vulnerability, tracked as CVE-2026-26980, carries a CVSS score of 9.4. It…
Hackers Exploit Ghost CMS CVE-2026-26980 to Poison 700 Websites With ClickFix Malware
A critical SQL injection flaw in Ghost CMS has been weaponized by at least two threat actor groups to silently poison over 700 websites with ClickFix malware, putting unsuspecting visitors at serious risk. The vulnerability, tracked as CVE-2026-26980, was publicly disclosed as early as February 19, 2026. Despite this, many Ghost CMS administrators failed to apply the available patch in time. Attackers wasted little time, scanning for unpatched i…
700+ education and tech websites hijacked in huge ClickFix malware campaign
Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affi…
CVE-2026-26980 Ghost CMS Vulnerability Hits 700 Sites
A critical Ghost CMS vulnerability identified as CVE-2026-26980 has been exploited in a widespread cyber campaign that compromised more than 700 websites, including platforms associated with major institutions such as Harvard University, University of Oxford, and DuckDuckGo. Security researchers say the attacks leveraged weaknesses in the Ghost content management system to inject malicious JavaScript code aimed at facilitating ClickFix malware a…
A critical vulnerability in Ghost CMS, reported and corrected in February 2026, is still actively exploited by cyber criminals to turn legitimate sites into visitor traps. The flaw is known, but patches seem to have been largely ignored. The case concerns Ghost CMS, software
Coverage Details
Bias Distribution
- There is no tracked Bias information for the sources covering this story.
Factuality
To view factuality data please Upgrade to Premium
