Breach404
Secure Software | 2 min read | May 24, 2026

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

Attackers are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to inject malicious JavaScript that delivers ClickFix social engineering attacks at scale. If you run Ghost CMS, you should immediately patch to the lat
