BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Ghost CMS Flaw Fuels Widespread ClickFix Malware

Ghost CMS flaw hijacks articles, fueling ClickFix malware via hijacked legitimate websites.

  • A critical SQL injection flaw (CVE-2026-26980) in Ghost CMS is being actively exploited to hijack website articles.
  • Attackers have compromised over 700 legitimate websites across sectors including blockchain, AI, and fintech to fuel ClickFix malware campaigns.
  • The attacks inject a two-stage JavaScript loader that deploys a cloaking script and a fake CAPTCHA page to trick victims into running malicious commands.
  • The end goal is to install a modified version of the open-source Grape desktop client for persistent remote control.

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks, according to a report from QiAnXin XLab. The campaign, first detected on May 7, 2026, has resulted in the large-scale poisoning of legitimate websites.

- Advertisement -

The vulnerability, CVE-2026-26980, is an SQL injection flaw in Ghost’s Content API with a CVSS score of 9.4. This flaw allows unauthenticated attackers to read arbitrary data and obtain a site’s admin API key without authorization. Consequently, attackers can tamper with articles in bulk by injecting malicious code.

More than 700 websites across universities, blockchain, artificial intelligence, and financial technology sectors have been compromised. XLab said the use of legitimate sites increases the success rate of the subsequent attacks.

The injected code functions as a two-stage loader that retrieves a main payload from an external domain. This payload is a traffic distribution script powered by the commercial cloaking service Adspect, which collects browser fingerprints and serves malicious content only to intended victims. Visitors deemed as targets are shown a fake CAPTCHA verification page within an iframe.

This fake page triggers a ClickFix attack, instructing users to paste a Base64-encoded command into the Windows Run dialog. The command acts as a dropper, ultimately delivering a modified version of the open-source Grape desktop client. This application achieves persistence and polls a remote server every 30 seconds to execute attacker commands.

- Advertisement -

Ghost CMS users are urged to upgrade to version 6.19.1 or later, rotate all credentials, and audit access logs for suspicious activity. Meanwhile, they should notify users who visited during the contamination period of potential compromise.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

IMF: Dollar stablecoins may amplify currency runs in fixed-rate economies

An IMF working paper by economist Brandon Joel Tan models how dollar stablecoins improve...

Japan Plans to Legalize Cryptocurrency ETFs, Minister Says

Japanese Finance Minister Satsuki Katayama announced plans to legalize cryptocurrency ETFs.ETFs let investors gain...

Must Read

10 Best Crypto to Mine Without Special Hardware Equipment

A lot of people mostly think that it takes a difficult process to mine cryptocurrency. today we are going to show you some of...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading