Ghost CMS | Breaking Cybersecurity News | The Hacker News

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the database. The security flaw was addressed in February 2026 in version 6.19.1. The vulnerability was discovered by Anthropic using Claude. What makes the vulnerability severe is that it allows an attacker to gain access to a site's admin API key without permission, granting them the ability to poison the site by injecting malicious code. The admin API key can be used to invoke the admin API and can directly modify articles published on the content management system. The threat actor leveraged the security flaw to "obtain the target site's Admin API Key without authorizati...

Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as  Ghost , one of which could be abused to elevate privileges via specially crafted HTTP requests. Ghost is an open source blogging platform that's used in more than 52,600 live websites, most of them located in the U.S., the U.K., German, China, France, Canada, and India. Tracked as CVE-2022-41654 (CVSS score: 9.6), the authentication bypass vulnerability allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings. Cisco Talos, which  discovered  the shortcoming, said it could enable a member to change the system-wide default newsletter that all users are subscribed to by default. Even worse, the ability of a site administrator to inject JavaScript into the newsletter by default could be exploited to trigger the creation of arbitrary administrator accounts when attempting to edit the newsletter. "This gives unprivileg...

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework , a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. Tracked as CVE-2020-11651 and CVE-2020-11652 , the disclosed flaws could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The issues were fixed by SaltStack in a release published on April 29th. "We expect that any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours," F-Secure researchers had previously warned in an advisory last week. LineageOS, a maker of an open-source operating system based on Android, said it detected the intrusion on May 2nd at around 8 pm Pacific Time. "Around 8 pm PST on May 2nd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure," the company n...