{"vulnerability": "CVE-2026-26980", "sightings": [{"uuid": "21c6639c-254f-40c0-8998-9b1eaac62f1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/80732", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: ghost-cve-2026-26980\n\ud83d\udc64 Project author: dinosn\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 1  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-04-17 19:58:47\n\n\ud83d\udcdd Project description:\nCVE-2026-26980 \u2014 Ghost CMS Content API SQL Injection Lab (unauthenticated blind SQLi via slug filter ordering)\n\n\ud83d\udd17 Click to visit the project", "creation_timestamp": "2026-04-17T20:00:04.000000Z"}, {"uuid": "03286b4f-7bea-43f2-add0-999324273e94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfb266mz4n2f", "content": "", "creation_timestamp": "2026-02-20T02:18:11.285662Z"}, {"uuid": "f8517fa1-5b78-451c-80f5-94c6947e5cce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfb26hfbr72n", "content": "", "creation_timestamp": "2026-02-20T02:18:20.449587Z"}, {"uuid": "df828ce2-227f-4f20-977e-d733cf8e719e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfb27apeo326", "content": "", "creation_timestamp": "2026-02-20T02:18:46.867945Z"}, {"uuid": "f61f386a-42c2-47f7-8be3-c1d0a37991fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mfcvjdx27h2w", "content": "", "creation_timestamp": "2026-02-20T20:00:15.652743Z"}, {"uuid": "55f38a90-e3f5-4c33-a35f-ba775712991a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116101430090634660", "content": "", "creation_timestamp": "2026-02-20T06:00:32.289086Z"}, {"uuid": "94beb41e-0eca-4200-b408-05485c10612b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mfbgltt4p52p", "content": "", "creation_timestamp": "2026-02-20T06:00:34.041568Z"}, {"uuid": "e8a40d45-3a36-4e15-a239-8625e44bd786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77869", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: CVE-2026-26980\n\ud83d\udc64 Project author: vognik\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 
Updated: 2026-03-30 00:59:30\n\n\ud83d\udcdd Project description:\n[CVE-2026-26980] \ud83d\udc7b Ghost CMS Unauthenticated SQLi via Content API\n\n\ud83d\udd17 Click to visit the project", "creation_timestamp": "2026-03-30T01:00:04.000000Z"}, {"uuid": "e6c230fd-d87e-4b02-a25a-a063eebfbccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "published-proof-of-concept", "source": "Telegram/AEo7pXRCGr-OWlg-bnWctgWwl39CgWdUiEhamsxBmVPfK4g", "content": "", "creation_timestamp": "2026-03-30T03:00:06.000000Z"}, {"uuid": "3018a82c-6500-46f3-85a2-2b14abb5edcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://t.me/poxek/5938", "content": "Catch the tasty bugs of the past week\n#Calibre #Google #Ghost #GetSimple #ApacheVelocity #CVE\n\n\u25aa\ufe0f Calibre (CVE-2026-26065, CVSS 9.3) \u2014 path traversal in Calibre's PDB readers, caused by incorrect handling of paths when extracting the contents of PDB files. 
A specially crafted file allows writing arbitrary files to directories accessible to the user, including overwriting existing ones without confirmation. The impact depends on the privileges of the Calibre process and can lead to data corruption, DoS and, in some scenarios, RCE.\n\n\u25aa\ufe0f Google Cloud Vertex AI SDK for Python (CVE-2026-2472, CVSS 8.6) \u2014 stored XSS in the GenAI/model evaluation visualization component of the google-cloud-aiplatform package. 
Malicious JavaScript can be injected into model results or JSON datasets and executed in the user's browser when displayed in Jupyter/Colab. It allows arbitrary JS to be executed in the session context, potentially leading to token theft, session hijacking or unauthorized actions on behalf of the user.\n\n\u25aa\ufe0f Ghost (CVE-2026-26980, CVSS 9.4) \u2014 SQLi in the headless CMS Ghost, located in the public Content API. 
Due to insufficient validation/escaping of the slug filter parameter in the query string, an unauthenticated remote attacker can perform arbitrary reads of data from the database (arbitrary read) without any privileges or user interaction. Exploit\n\n\u25aa\ufe0fGetSimple CMS (CVE-2026-27161, CVSS 8.7) \u2014 protection of sensitive directories (/data/, /backups/, etc.) is implemented solely through .htaccess rules. 
When AllowOverride is disabled or restricted in the Apache configuration, the protection is not applied, which allows a remote unauthenticated attacker to gain direct access to files, including authorization.xml with keys and other secrets. Exploit\n\n\u25aa\ufe0f WSO2 Identity Server (CVE-2025-12107, CVSS 7.2) \u2014 template injection in a component that uses the Velocity template engine (Apache Velocity). An attacker with administrative privileges can inject and execute arbitrary template code. 
With an insecure configuration this can lead to code execution on the server and compromise of the system.\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a Blog | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-02-24T06:48:10.000000Z"}, {"uuid": "5bc49e9f-95d5-480b-b9de-6cbf17ad0d63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mmevx4eo5a2t", "content": "Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks", "creation_timestamp": "2026-05-21T17:09:38.574866Z"}, {"uuid": "84f8953e-b10b-4dbf-a91f-681bf718941f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "published-proof-of-concept", "source": "Telegram/-5TmsWj813MupXUk3oAfbbPwkALq_IWcYveTIHrZR6Vdl1M", "content": "", "creation_timestamp": "2026-04-18T03:00:05.000000Z"}, {"uuid": "d66dd55b-84a3-4d51-bc8c-7e4a5eeab6aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "published-proof-of-concept", "source": "Telegram/LRuVHO_NRtLslMv_pxl3JYoJM5ygIHd_ktikilExPtpHxGM", "content": "", "creation_timestamp": "2026-05-20T15:00:07.000000Z"}, {"uuid": "ba7d3024-6ae9-4b94-813b-a4da519c3bd5", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mmgg6gjmja2o", "content": "700+ Ghost CMS sites compromised via CVE-2026-26980 (SQLi \u2192 Admin API Key theft) and weaponized for ClickFix attacks. Victims include Harvard, Oxford, Auburn and more. Two threat actors now fighting over the sam\u2026\n\n\ud83d\udd01 RT @Xlab_qax | reposted by @craiu\nhttps://x.com/Xlab_qax/status/2057457233252807090", "creation_timestamp": "2026-05-22T07:32:43.724328Z"}, {"uuid": "3774cf7a-463f-4ced-9114-d105aca2f237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116612618922061210", "content": "(qianxin.com) Large-Scale Compromise of Ghost CMS via CVE-2026-26980 Fuels ClickFix Malware Campaigns\nActive exploitation of CVE-2026-26980 (Ghost CMS SQLi) enables large-scale ClickFix malware campaigns via Admin API key theft and article poisoning.\nIn brief - Attackers exploit CVE-2026-26980 to steal Ghost CMS Admin API keys, injecting malicious JavaScript into 700+ sites. Users are tricked via FakeCaptcha/ClickFix into executing stealer trojans (Rust/Electron-based). Two threat actor groups compete in this automated, multi-stage campaign.\nTechnically - CVE-2026-26980 (SQLi) allows unauthenticated Admin API key exfiltration. Malicious JS (two-stage loader) decodes base64 URLs to fetch cloaking scripts (e.g., clo4shara[.]xyz), redirecting victims to forged Cloudflare pages. Payloads include installer.dll (Rust) and UtilifySetup.exe (Electron), with persistence. 
Attackers use dynamic C2 domains (e.g., com-apps[.]cc) and cloaking to evade detection.\nSource: https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-21T13:49:47.968351Z"}, {"uuid": "50d443f4-128c-472f-8866-8c72e1554333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": "https://infosec.exchange/users/VirusBulletin/statuses/116617440646025880", "content": "XLab researchers show how threat actors exploited CVE-2026-26980 to compromise Ghost CMS, causing numerous websites to become accomplices in ClickFix attacks. https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980/", "creation_timestamp": "2026-05-22T09:08:49.396110Z"}, {"uuid": "06fb8522-fc7b-41b3-82c8-2c6b7f2c9d9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/virusbtn.bsky.social/post/3mmglkgivsk2y", "content": "XLab researchers show how threat actors exploited CVE-2026-26980 to compromise Ghost CMS, causing numerous websites to become accomplices in ClickFix attacks. 
blog.xlab.qianxin.com/ghost-cms-pa...", "creation_timestamp": "2026-05-22T09:08:57.996788Z"}, {"uuid": "b36d8760-65a1-4faf-9d65-63465052e9f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmm7ng5yxvv2", "content": "Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign BleepingComputer A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-24T14:51:50.167563Z"}, {"uuid": "4a37aecf-9f38-4ec5-88b1-b9d5312424d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmmdbsbnei2f", "content": "Ghost CMS has an SQL injection vulnerability (CVE-2026-26980) that is being exploited in the ClickFix campaign to plant malicious JavaScript.", "creation_timestamp": "2026-05-24T15:56:54.597045Z"}, {"uuid": "eeaee8c4-0e29-40a1-a06d-7c8a13210190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://t.me/BleepingComputer/24746", "content": "\u200aGhost CMS SQL injection flaw exploited in large-scale ClickFix campaign\n\nA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/", "creation_timestamp": "2026-05-24T14:58:38.000000Z"}, {"uuid": "c50d0852-46c1-4173-98f8-00afdb108452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hexonbot.bsky.social/post/3mmmil7g2za2v", "content": "Ghost CMS is being weaponized into ClickFix delivery. Attackers used CVE-2026-26980 to steal admin API keys and poison trusted article pages across 700+ domains. https://www.hexon.bot/blog/ghost-cms-clickfix-malware-staging-ground #Cybersecurity #GhostCMS", "creation_timestamp": "2026-05-24T17:31:38.927284Z"}, {"uuid": "d1131a59-1303-41be-9e29-11f9b199bdcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmmjdsrto22a", "content": "Ghost CMS CVE-2026-26980 is being exploited in a large ClickFix campaign to steal admin API keys and inject malicious JavaScript. Over 700 domains are impacted. 
#GhostCMS #ClickFix #UtilifySetupExe", "creation_timestamp": "2026-05-24T17:45:24.367299Z"}, {"uuid": "509006f9-896a-48aa-913e-13a5c82bfd55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmngpinxe52e", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-45584: 65 interactions\nCVE-2026-46333: 24 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45250: 8 interactions\nCVE-2026-26980: 6 interactions\nCVE-2026-9082: 4 interactions\n", "creation_timestamp": "2026-05-25T02:30:55.055068Z"}, {"uuid": "c11d0595-dc0a-4c18-b49b-61968dc96bfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/it4intserver.bsky.social/post/3mmoi74vpfg2j", "content": "iT4iNT SERVER Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks VDS VPS Cloud #CVE202626980 #GhostCMS #CyberSecurity #Malware #SQLInjection", "creation_timestamp": "2026-05-25T12:30:12.891579Z"}, {"uuid": "b144f4cc-3828-40c1-b45c-899263c87c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mmmrp4jeup2s", "content": "Over 700 Ghost CMS sites, from Harvard to tech blogs, are now pushing malware via the \"ClickFix\" SQL injection campaign. 
If you run Ghost CMS and haven't patched CVE-2026-26980, your site is a trap.\n\nhttps://www.tpp.blog/22syy9o\n\n#cybersecurity #ghostcms #clickfix", "creation_timestamp": "2026-05-24T20:14:53.463104Z"}, {"uuid": "172bbcce-4404-4810-9f91-191cd3a6acb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/ebibibibibibi.bsky.social/post/3mmn4zexmo32d", "content": "A serious SQL injection vulnerability (CVE-2026-26980) has been found in Ghost CMS. More than 700 domains, including Harvard University and DuckDuckGo, have already been compromised and are being abused in ClickFix attacks that distribute malware through fake Cloudflare dialogs.\n\nUpgrade now.\n\n\ud83d\udd17 https://www.ebisuda.net/tech/2026/05/25/ghost-cmscve-2026-26980sqlclickfixduckduckgo700-ghost-cms-sql-injection-flaw-exp/\n\n#TechNews #Security", "creation_timestamp": "2026-05-24T23:37:28.577121Z"}, {"uuid": "d1133ca4-4db1-4b02-baad-34a17ab01959", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html", "content": "Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.\n\nAccording to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could 
allow an unauthenticated attacker to read arbitrary data from the", "creation_timestamp": "2026-05-25T10:02:46.000000Z"}, {"uuid": "0d8aab55-78f7-45c2-afdc-4eb755fd195d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/cybersecurity0001.bsky.social/post/3mmok42dfm42t", "content": "Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks", "creation_timestamp": "2026-05-25T13:04:17.583391Z"}, {"uuid": "1343afff-36bb-4542-a81f-63032ba040c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mmok5fkxga26", "content": "A critical SQL injection flaw (CVE-2026-26980) in Ghost CMS is being actively exploited to hijack website articles. 
Attackers have compromised [\u2026]", "creation_timestamp": "2026-05-25T13:05:02.477232Z"}, {"uuid": "dc18b814-3708-458b-bb2f-22708896b61e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmm6adddme2u", "content": "Ghost CMS SQL injection vulnerability exploited in large-scale ClickFix campaign\n\nA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. This campaign, Chinese cybersecurity company Qianxin's threat intelligence research group X", "creation_timestamp": "2026-05-24T14:26:35.790693Z"}, {"uuid": "c015cd4f-b0db-44c5-a19e-9afd2350a8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmo5ejm4s22g", "content": "Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign\n\nA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. 
[...]\n#hackernews #news", "creation_timestamp": "2026-05-25T09:16:24.542073Z"}, {"uuid": "69496b44-f034-4b49-a836-e0c3fc1e00a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmot4246vl2o", "content": "Ghost CMS CVE-2026-26980 is being exploited to steal admin keys, inject malicious JS, and hijack 700+ sites for ClickFix attacks delivering Windows malware. #GhostCMS #ClickFix #PuTTY", "creation_timestamp": "2026-05-25T15:45:20.835209Z"}, {"uuid": "70ba9fa9-d15f-42db-b39d-3ab33130ecb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": "https://threatintel.cc/2026/05/25/cyber-brief-apt-backdoors-cdn.html", "content": "Chinese APTs share Linux backdoor in Central Asia telco attacks \u2014 China-aligned threat clusters are using the Showboat/kworker Linux post-exploitation framework against telecom providers, with related reporting linking activity to Red Lamassu/Calypso and JFMBackdoor.\n\nRelated: Lumen Black Lotus Labs, PwC\n\nWebworm: New burrowing techniques \u2014 ESET reports that China-aligned Webworm has expanded its toolkit with EchoCreep and GraphWorm, using Discord and Microsoft Graph API for command-and-control while staging malware through GitHub.\n\nRelated: The Hacker News\n\nNetherlands seizes 800 servers of hosting firm enabling cyberattacks \u2014 Dutch FIOD arrested two suspects and seized more than 800 servers tied to alleged sanctions evasion and infrastructure used to support cyberattacks, interference operations and disinformation campaigns linked to Russian interests.\n\nRelated: FIOD\n\nUnderminr vulnerability lets attackers hide malicious connections behind trusted domains \u2014 Underminr abuses shared CDN and hosting 
infrastructure to make malicious traffic appear as trusted-domain traffic, potentially bypassing DNS filtering and hiding command-and-control, VPN or proxy connections.\n\nRelated: ADAMnetworks, Underminr\n\nKali365 phishing-as-a-service kit hijacks Microsoft 365 access tokens \u2014 The FBI warns that Kali365 uses device-code phishing to capture OAuth tokens, bypass MFA and give attackers persistent access to Microsoft 365 services such as Outlook, Teams and OneDrive.\n\nRelated: Help Net Security\n\nGhost CMS SQL injection flaw exploited in large-scale ClickFix campaign \u2014 Attackers are exploiting CVE-2026-26980 in Ghost CMS to steal admin API keys, inject malicious JavaScript and redirect visitors into fake Cloudflare ClickFix malware flows.\n\nRelated: The Hacker News\n\nLazarus deploys RemotePE memory-only RAT against financial and crypto firms \u2014 Researchers report that North Korea-linked Lazarus is using the RemotePE cross-platform malware in a multi-stage attack chain targeting financial and cryptocurrency organizations.\n\nTrapDoor supply chain attack spreads credential-stealing malware via npm, PyPI and Crates.io \u2014 A coordinated cross-ecosystem supply chain campaign is targeting npm, PyPI and Crates.io to distribute credential-stealing malware aimed at developer secrets, crypto wallets, SSH keys and cloud credentials.\n\nLaravel-Lang packages poisoned for malware delivery \u2014 Attackers rewrote Git tags across Laravel-Lang Composer packages, causing affected builds to pull credential-stealing malware capable of exfiltrating CI secrets and developer credentials.\n\nRelated: StepSecurity\n\n266,000 affected by Radiology Associates of Richmond data breach \u2014 Radiology Associates of Richmond disclosed a breach affecting protected health information after attackers accessed internal systems and acquired files tied to affected individuals.\n\nVerizon DBIR 2026 reinforces fundamentals, patching and third-party risk \u2014 Help Net 
Security\u2019s DBIR analysis highlights low remediation rates, rising supply chain breach involvement and continued exposure from basic control failures, including missing MFA, weak credential management and excessive cloud privileges.\n\nOpenHack brings open-source AI-powered vulnerability research to security teams \u2014 Hadrian released OpenHack, an MIT-licensed project that uses AI coding harnesses, file-based workflows and human approvals to support structured vulnerability research.\n\nRelated: GitHub\n\nShadow AI use is heaviest among senior decision-makers \u2014 TrustedTech research reported by Help Net Security says 65 per cent of decision-makers use unapproved AI tools, compared with 31 per cent of employees below decision-maker level.", "creation_timestamp": "2026-05-25T11:28:15.000000Z"}, {"uuid": "f5c4ca31-ecbc-4e5b-9977-8554738e1ac4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": "https://bsky.app/profile/breachandbuild.bsky.social/post/3mmoubt7gnm2j", "content": "\u26a1 Major Ghost CMS vulnerability exploited! Over 700 sites were hijacked via CVE-2026-26980, a critical SQL injection, fueling ClickFix social engineering. Our...\n\n#CyberSecurity #BreachAndBuild #GhostCMS #CVE202626980 #ClickFix\n\nhttps://breachandbuild.com/ghost-cms-cve-2026-26980-exploited-700/", "creation_timestamp": "2026-05-25T16:06:29.383578Z"}, {"uuid": "0dc3346a-7dfb-40b0-805a-c7a6dde2b7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmoursdkfd2s", "content": "Ghost CMS CVE-2026-26980 was mass-exploited in a SQL injection campaign that hit 700+ sites. 
Attackers stole Admin API keys and planted JavaScript loaders for ClickFix attacks, impacting Harvard, Oxford, and DuckDuckGo. #GhostCMS #CVE2026 #ClickFix", "creation_timestamp": "2026-05-25T16:15:24.103803Z"}, {"uuid": "d4178da3-a2cd-45a1-89ca-d45bbed6b6b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/packetstorm.bsky.social/post/3mmouzcz6sf22", "content": "Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks https://packetstorm.news/news/view/41724 #news", "creation_timestamp": "2026-05-25T16:19:36.326594Z"}, {"uuid": "d814c877-e28f-4582-8754-dabe3defdd42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10612", "content": "Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks \u2013 thehackernews.com\n\nMon, 25 May 2026 20:02:46", "creation_timestamp": "2026-05-25T16:03:10.000000Z"}, {"uuid": "bbc235d3-a8fc-4f7a-b64b-5883c1828edb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmoy3p3yyl72", "content": "Ghost CMS CVE-2026-26980 Exploited to Compromise Over 700 Websites in ClickFix Campaign Ghost CMS CVE-2026-26980 Exploited to Compromise Over 700 Websites in ClickFix Campaign A critical security v...\n\n#Global #data #breach #Ransomware #Threat #Intelligence #Vulnerability\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-25T17:16:00.763698Z"}, {"uuid": "e1dd8284-65d5-48b3-8cb1-2500a9105e7b", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmolvsmrsbw2", "content": "Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript cod...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-25T13:36:42.800188Z"}, {"uuid": "3f12d2e7-218b-4113-9df2-bce4675a4e14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mmomh2pnzg23", "content": "CVE-2026-26980 SQL injection in Ghost has been exploited at scale to steal Admin API keys and inject malicious JavaScript into unpatched sites.\n", "creation_timestamp": "2026-05-25T13:46:14.450766Z"}, {"uuid": "37da4ad1-8880-4ddf-81f4-b7ccc85514d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/technology-news.bsky.social/post/3mmomncjf5f22", "content": "Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.", "creation_timestamp": "2026-05-25T13:49:43.451047Z"}, {"uuid": "d6b7ecbe-8783-4136-9fe0-4195be1eb237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mmoniwp3b62j", "content": "\ud83d\udd12 Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks\n\nThreat actors are 
exploiting a recently disclosed critical security flaw in Ghost CMS to inject malic...\n\nhttps://tinyurl.com/ewzutuwz #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-25T14:05:10.106866Z"}, {"uuid": "d45c084f-216f-4069-96a0-2e73c9f8bc60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/happeningnow.news/post/3mmp7v2hl2c2e", "content": "Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks\nThreat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to\u2026\n\n\ud83d\udd17 https://hnow.live/a/7c51921d", "creation_timestamp": "2026-05-25T19:34:04.490098Z"}, {"uuid": "742e3a6e-4275-4186-b05c-f708ab0f47ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/ninjaowl.ai/post/3mmpaz3ltdc2w", "content": "Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...", "creation_timestamp": "2026-05-25T19:54:13.862620Z"}, {"uuid": "7989128a-61b0-4d08-b729-3493d7984dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mmpjqckh7o2c", "content": "\ud83d\udce2 Massive ClickFix campaign exploiting a critical SQL injection in Ghost CMS (CVE-2026-26980)\n\ud83d\udcdd ## \ud83d\uddd3\ufe0f Context\n\nPublished on 24 May 
202\u2026\nhttps://cyberveille.ch/posts/2026-05-25-campagne-clickfix-massive-exploitant-une-injection-sql-critique-dans-ghost-cms-cve-2026-26980/ #CVE_2026_26980 #Cyberveille", "creation_timestamp": "2026-05-25T22:30:22.967941Z"}, {"uuid": "ec32bfac-1048-4765-9f7d-c7d3d37cf36e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3mmoiuogkmd2s", "content": "Ghost CMS CVE-2026-26980 vulnerability compromises over 700 sites, injecting ClickFix malware\n\nThe Ghost CMS vulnerability CVE-2026-26980 has been exploited, with over 700 websites targeted. The attackers were injecting ClickFix malware through fake CAPTCHA pages. Prompt patching is a must for Ghost CMS users.\n\n#CVE #Vulnerability #Malware", "creation_timestamp": "2026-05-25T12:42:16.122111Z"}, {"uuid": "d868b842-f591-4c61-9ddc-6f8bc85e8527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://t.me/ctinow/250784", "content": "Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks\nhttps://ift.tt/K7Gj23A", "creation_timestamp": "2026-05-25T12:19:24.000000Z"}, {"uuid": "cfed0505-7b42-4b1b-a785-f9ae92aae2bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-26980", "type": "seen", "source": 
"https://bsky.app/profile/cyberlensai.bsky.social/post/3mmoktuxgf42z", "content": "CVE watch: Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix\u2026\n\nCheck exposure, dependency, and agent/tool access before panic-patching. Inventory beats vibes.\n\nSource: thehackernews.com\nhttps://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html", "creation_timestamp": "2026-05-25T13:17:36.450137Z"}, {"uuid": "81ba08a8-4558-4a60-839f-d33d22fde890", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmqffgqhqa2t", "content": "Ghost CMS CVE-2026-26980 was abused in a ClickFix campaign that hit 700+ sites, while FBI flagged Kali365 phishing Microsoft 365. The recap also noted major healthcare breaches and poisoned Laravel-Lang packages. #GhostCMS #Kali365 #HealthcareData", "creation_timestamp": "2026-05-26T06:45:22.460391Z"}, {"uuid": "c7223763-b316-4c24-bc3f-993c3bd93d14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmpx5qwrnf2j", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-45584: 65 interactions\nCVE-2026-46727: 22 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-26980: 7 interactions\nCVE-2026-44277: 3 interactions\nCVE-2026-5223: 3 interactions\n", "creation_timestamp": "2026-05-26T02:30:32.850747Z"}, {"uuid": "508b32ff-f5b4-450f-ab74-6cb6afb024cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/reconbee.bsky.social/post/3mmqijzvhh22l", "content": "Ghost CMS 
CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks reconbee.com/ghost-cms-cv...\n\n#ghostcms #CMS #hijack #clickfixattacks #cybersecurity #cyberattack", "creation_timestamp": "2026-05-26T07:41:42.727059Z"}, {"uuid": "bb2158d6-b027-416f-a4a2-1a366673791a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmqm3dsk4c2g", "content": "Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks\n\nThreat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.\n\nAccording to QiAnXin XLab, the activity in\u2026\n#hackernews #news", "creation_timestamp": "2026-05-26T08:45:00.849279Z"}, {"uuid": "b349d63d-ff5c-440f-9142-62d7e382ca8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmqn2cdgek2w", "content": "Ghost CMS vulnerability exploited to infect 700 sites with ClickFix malware\n\nHackers are currently exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to compromise websites and distribute ClickFix malware through large-scale page-poisoning attacks. 
This vulnerability lets attackers extract sensitive database contents without authentication. This includes Ghost Adm", "creation_timestamp": "2026-05-26T09:02:18.688349Z"}, {"uuid": "7449594c-b0e6-4a8d-a4cd-ea3005bc3bc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mmqqrxx73c2s", "content": "Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign\n\nA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-25-ghost-cms-sql-injection-flaw-exploited-in-largescale-clickfi\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-26T10:09:14.148507Z"}, {"uuid": "0c5eea71-3249-4bc2-bba7-400c0182a3a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mmqqrys45r2i", "content": "Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign\n\nA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-26-ghost-cms-sql-injection-flaw-exploited-in-largescale-clickfi\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-26T10:09:14.864959Z"}, {"uuid": "70afdd11-d824-4313-aaef-2d4753e31376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3mmrcx7rqjp2q", "content": 
"#GhostCMS: Critical SQL Injection vulnerability impacts #Ghost 3.24.0 through 6.19.0, and allows unauthenticated attackers to read arbitrary data from the website database, including the admin API keys (CVE-2026-26980):\n\ud83d\udc47", "creation_timestamp": "2026-05-26T15:34:17.937571Z"}, {"uuid": "db81c658-aafe-4b8a-8e2f-55b04e06ee84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmqxauatcjy2", "content": "Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware d...\n\n#Resources #Application #Security #CVE [\u2026] \n\n[Original post on dailysecurityreview.com]", "creation_timestamp": "2026-05-26T12:05:02.276519Z"}, {"uuid": "05c9f7ce-38cd-426f-8820-08f10bd92a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mmqyz642ca2y", "content": "Threat actors are exploiting CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to hijack over 700 sites for ClickFix attacks. 
Discovered by Anthropic, the flaw allows unauthorized access to admin API keys, enabling bulk article tampering with malicious JavaScript.", "creation_timestamp": "2026-05-26T12:36:26.018452Z"}, {"uuid": "803c0f27-e282-4320-9e14-b48cf4aaea96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mmqzsqj26u2h", "content": "Hackers Exploit Ghost CMS CVE-2026-26980 to Poison 700 Websites With ClickFix Malware", "creation_timestamp": "2026-05-26T12:50:43.703785Z"}, {"uuid": "e646789b-2461-4402-80a4-09010960e8ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "Telegram/YvvWHUKRJDBE9Q8qrQt6yQIvIzf79ERh6LDBAgGWikkTqg", "content": "", "creation_timestamp": "2026-05-25T12:39:08.000000Z"}, {"uuid": "bdafc69b-1b53-4306-baa9-5ea721fe2a28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/thefwu.com/post/3mmr2mjdxt72x", "content": "Hackers target Ghost CMS through CVE-2026-26980, exploiting server-side template injection to hijack systems. Crucial for site owners to update for security. 
#CyberSafety", "creation_timestamp": "2026-05-26T13:05:09.016514Z"}, {"uuid": "264dfe61-9e11-48e7-b6d9-e885edc25033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://t.me/true_secator/8243", "content": "Researchers at XLab Qianxin report that a large-scale campaign is using a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that launches ClickFix attacks.\n\nThey managed to detect impact on more than 700 domains, including university portals, AI/SaaS companies, media outlets, fintech companies, security sites and personal blogs.\n\nAccording to the researchers, the attackers placed malicious code on the websites of Harvard University, Oxford University, Auburn University and DuckDuckGo.\n\nCVE-2026-26980 affects Ghost versions 3.24.0 through 6.19.0 and allows unauthorized attackers to read arbitrary data from the website database, including admin API keys.\n\nThis key gives administrators access to users, articles and themes, and can also be used to modify article pages.\n\nAlthough a fix for the issue was released on 19 February in Ghost CMS 6.19.1, the admins of many sites still have not bothered to install the update.\n\nOn 27 February SentinelOne rolled out details on the use of CVE-2026-26980 in attacks, as well as on how such incidents can be detected.\n\nThe researchers found at least two distinct activity clusters targeting vulnerable Ghost sites, sometimes re-infecting the same domains with different scripts after cleanup, or with one of them cleaning out the other's script in order to inject its own.\n\nThe attacks documented by XLab begin with targeting CVE-2026-26980 to steal admin API keys, and then, using the elevated privileges, inject malicious JavaScript into articles.\n\nThe JavaScript code is a lightweight loader that fetches second-stage code from the attacker's 
infrastructure; in essence, it is a cloaking script that identifies visitors to determine whether they are suitable as targets.\n\nVisitors who pass the check are shown a fake Cloudflare notice, loaded via an iframe at the top of the article page, that contains the ClickFix lure.\n\nOn the page, victims are asked to confirm that the user is human by pasting the specified command into the Windows command prompt, after which malicious code will be downloaded onto their systems.\n\nXLab found that these attacks use a variety of payloads, including DLL loaders, JavaScript droppers and an Electron-based malware sample named UtilifySetup.exe.\n\nThe most important step for administrators of Ghost CMS websites is to update to version 6.19.1 or later and to replace all previously used keys, since they may have been compromised.\n\nFor its part, XLab has provided a list of IOCs, including the injected scripts, so careful analysis of websites is needed to detect and remove them.\n\nThe researchers recommend that website owners keep 30 days of admin API call records in order to conduct a reliable retrospective investigation.", "creation_timestamp": "2026-05-26T13:18:03.000000Z"}, {"uuid": "ef29896d-02dd-4ac3-81e4-eac99a37dfe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mmrk3mpknx25", "content": "Over 700 websites hijacked via Ghost CMS vulnerability CVE-2026-26980. Ensure your site is secure by updating to version 6.19.1. 
#CyberSecurity #GhostCMS #CVE202626980 Link: thedailytechfeed.com/critical-gho...", "creation_timestamp": "2026-05-26T17:42:02.425853Z"}, {"uuid": "fd60ea9d-b411-471e-a555-46cd57d2c0b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/concisecyber.bsky.social/post/3mmtay3o3wa2w", "content": "Ghost CMS SQL Injection Vulnerability Fuels ClickFix Campaign Targeting 700+\u00a0Websites\n\nThreat actors are exploiting a SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to hijack over 700 websites in a large-scale ClickFix campaign,.", "creation_timestamp": "2026-05-27T10:04:18.998039Z"}, {"uuid": "d087e71d-57bc-4650-bac0-6838b09d11f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmrqcpp36c2g", "content": "Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites\n\nAttackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. 
Threat actors are actively exploiting a security flaw, tracked as\u00a0CVE-2026-26980,\u2026\n#hackernews #news", "creation_timestamp": "2026-05-26T19:33:21.952026Z"}, {"uuid": "255f6c16-2028-4ef6-a364-d94e2ed25ac1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://t.me/S_E_Reborn/6387", "content": "Researchers at XLab Qianxin report that a large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that launches ClickFix attacks.\n\nThey were able to detect an impact on more than 700 domains, including university portals, AI/SaaS companies, media outlets, 
fintech companies, security sites and personal blogs.\n\nAccording to the researchers, the attackers placed malicious code on the websites of Harvard University, Oxford University, Auburn University and DuckDuckGo.\n\nCVE-2026-26980 affects Ghost versions 3.24.0 through 6.19.0 and allows unauthenticated attackers to read arbitrary data from the website's database, including admin API 
keys.\n\nThis key gives administrators access to users, articles and themes, and can also be used to modify article pages.\n\nAlthough a fix for the issue was released on February 19 in Ghost CMS 6.19.1, the admins of many sites still have not bothered to install the update.\n\nOn February 27, SentinelOne rolled out details about the use of CVE-2026-26980 in attacks, as well as how 
such incidents can be detected.\n\nThe researchers found at least two distinct activity clusters targeting vulnerable Ghost sites, sometimes reinfecting the same domains with different scripts after cleanup, or with one of them removing the other's script in order to inject its own.\n\nThe attacks documented by XLab begin by targeting CVE-2026-26980 to steal admin API 
keys and then, using the elevated privileges, inject malicious JavaScript into articles.\n\nThe JavaScript code is a lightweight loader that fetches second-stage code from the attacker's infrastructure; in essence, it is a cloaking script that identifies visitors to determine whether they qualify as targets.\n\nVisitors who pass the check are shown 
a fake Cloudflare notice, loaded via an iframe at the top of the article page, containing a ClickFix lure.\n\nOn the page, victims are asked to confirm that the user is human by pasting a given command into the Windows command prompt, after which malicious code is downloaded to their systems.\n\nXLab found that these attacks use a variety of payloads, including 
DLL loaders, JavaScript droppers and an Electron-based malware sample named UtilifySetup.exe.\n\nThe most important step for administrators of Ghost CMS websites is to update to version 6.19.1 or later and to replace all previously used keys, since they may have been compromised.\n\nFor its part, XLab has provided a list of IOCs, including the injected scripts, so a thorough analysis of websites 
is needed to detect and remove them.\n\nThe researchers recommend that website owners keep a 30-day record of admin API calls to enable a reliable retrospective investigation.", "creation_timestamp": "2026-05-26T16:39:59.000000Z"}, {"uuid": "37ac9aab-0e36-4c04-8fe4-83864d99b286", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/geeknewsbot.bsky.social/post/3mmsjbj3m5v26", "content": "Attackers hijack 700 Ghost CMS sites for ClickFix attacks\n\nA large-scale hacking attack exploiting a serious vulnerability (CVE-2026-26980) in Ghost CMS has infected more than 700 websites, exposing them to 'ClickFix' attacks that lure users into a fake security verification. 
\uc804\ubb38 \ubc88\uc5ed \uacf5\uaca9\uc790\ub4e4\uc774 \ucd5c\uadfc \uacf5\uac1c\ub41c \uace0\uc2a4\ud2b8 CMS(Ghost CMS)\uc758", "creation_timestamp": "2026-05-27T03:00:06.840098Z"}, {"uuid": "5a9fb0cf-10f2-4e0e-8ba3-ab7a16f3ad00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26980", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mmtf77hyf32g", "content": "Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign\n\nA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-27-ghost-cms-sql-injection-flaw-exploited-in-largescale-clickfi\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-27T11:19:52.565702Z"}]}