Secure Software2 min readMay 24, 2026

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

Attackers are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to inject malicious JavaScript that delivers ClickFix social engineering attacks at scale. If you run Ghost CMS, you should immediately patch to the lat

Read the full article: https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/

Could your website be vulnerable to attacks like this?

Run a free 10-point security scan on your site — headers, SSL, DNS, and more. Results in 15 seconds.

Test Your Site Now — It's Free

More Security Insights

Cybersecurity

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Read Secure Software

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Read