Ghost CMS vulnerability exploited in large-scale campaign

May 26, 2026
By SC Staff

A large-scale campaign is exploiting a critical SQL injection vulnerability in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was discovered by XLab threat intelligence researchers, who confirmed impact on more than 700 domains, including university portals, AI/SaaS companies, media outlets, fintech firms, security sites, and personal blogs, according to Bleeping Computer.

The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.0 through 6.19.0, allowing unauthenticated attackers to steal admin API keys. These keys grant access to manage users, articles, and themes, enabling the injection of malicious JavaScript into website articles. This script acts as a loader, fetching further code from attacker infrastructure. Visitors who pass a fingerprinting verification are presented with a fake Cloudflare prompt, leading them to execute a command that installs malware, including DLL loaders, JavaScript droppers, and a malicious program called UtilifySetup.exe.

While a fix was released in Ghost CMS version 6.19.1 on February 19, many sites have not yet updated. The attack chain involves exploiting the SQL injection to gain elevated privileges, injecting a cloaking script, and then serving a ClickFix lure to unsuspecting users.

To mitigate the risk, administrators are urged to upgrade to version 6.19.1 or later, rotate all potentially compromised API keys, and conduct thorough website reviews to remove malicious scripts.

Source: Bleeping Computer
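The two checks an administrator needs after reading the advisory above are whether a given Ghost install falls inside the affected range (3.24.0 through 6.19.0, fixed in 6.19.1) and whether any published article already carries an injected script loader. The following Python is an added illustration and is not code from the article, from XLab or from the Ghost project. It assumes post records that expose a `slug` and an `html` field (a shape similar to a Ghost JSON export; the exact export layout is not described on this page) and an allowlist of script hosts the site owner knows to be legitimate; the sample posts and the hostname `cdn.example.edu` are constructed for the demonstration, and the loader pattern flagged is a generic one (dynamic `<script>` creation, `eval`, `fetch`, `atob`), not a signature taken from the campaign.

```python
"""Triage helpers for the Ghost CMS advisory (CVE-2026-26980).

Added example, not part of the original article or of Ghost itself.
Assumptions: posts are dicts with 'slug' and 'html' keys; the caller
supplies the set of script hosts that are legitimately used by the site.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Affected range stated in the advisory: 3.24.0 through 6.19.0; fixed in 6.19.1.
AFFECTED_MIN = (3, 24, 0)
FIXED = (6, 19, 1)

# Generic markers of a script that loads or executes further code at runtime.
LOADER_PATTERN = re.compile(
    r"createElement\(\s*['\"]script['\"]\s*\)|\beval\(|\bfetch\(|\batob\("
)


def parse_version(version: str) -> tuple:
    """Turn '6.19.0' or 'v6.19.1-rc.1' into a comparable (major, minor, patch) tuple."""
    core = version.strip().lstrip("v").split("-")[0]
    nums = [int(p) for p in core.split(".")[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected(version: str) -> bool:
    """True if the Ghost version lies in the range the advisory lists as vulnerable."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


class _ScriptCollector(HTMLParser):
    """Collects every <script> element as (src attribute or None, inline body)."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
        self._src = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._in_script = True
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.scripts.append((self._src, "".join(self._buf)))
            self._in_script = False


def find_suspicious_scripts(html: str, allowed_hosts: set) -> list:
    """Return (reason, detail) pairs for scripts that pull from unknown hosts
    or that look like inline loaders. Relative/first-party src values are not flagged."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src, body in parser.scripts:
        if src:
            host = urlparse(src).hostname or ""  # handles https:// and protocol-relative //
            if host and host not in allowed_hosts:
                findings.append(("external-src", src))
        elif body.strip() and LOADER_PATTERN.search(body):
            findings.append(("inline-loader", body.strip()[:80]))
    return findings


def audit_posts(posts: list, allowed_hosts: set) -> dict:
    """Map each post slug to its findings; posts with nothing suspicious are omitted."""
    report = {}
    for post in posts:
        findings = find_suspicious_scripts(post.get("html") or "", allowed_hosts)
        if findings:
            report[post["slug"]] = findings
    return report


# Constructed sample data for the demonstration (not real site content).
SAMPLE_POSTS = [
    {"slug": "clean-post",
     "html": "<p>Welcome.</p><script src=\"https://cdn.example.edu/analytics.js\"></script>"},
    {"slug": "injected-inline",
     "html": "<p>News</p><script>var s=document.createElement('script');"
             "s.src=atob('PLACEHOLDER');document.head.appendChild(s);</script>"},
    {"slug": "injected-src",
     "html": "<p>Notes</p><script src=\"//loader.attacker-placeholder.invalid/l.js\"></script>"},
]

if __name__ == "__main__":
    for v in ("3.23.9", "3.24.0", "6.19.0", "6.19.1"):
        print(f"Ghost {v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    for slug, findings in audit_posts(SAMPLE_POSTS, {"cdn.example.edu"}).items():
        print(slug, findings)
```

Running the audit against an export of all posts (rather than the constructed sample) gives a list of articles to clean before the API keys are rotated; rotating first and cleaning second leaves the injected loader live for returning visitors.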