Ghost CMS Users Under Attack: Why Developers Must Act Fast
Source: Techgig
Published:
<p>A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited in a large-scale campaign, impacting over 700 domains. Threat actors are injecting malicious JavaScript to trigger ClickFix attack flows, stealing admin API keys and deploying malware.</p>