MUST READ

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

 | 

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

 | 

Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning

 | 

Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation

 | 

FBI director Kash Patel’s brand website taken offline after malware reports

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

 | 

Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Anthropic's Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious

 | 

U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog

 | 

CVE-2026-9082: Drupal's Highly Critical SQL Injection Flaw Is Already Under Active Attack

 | 

Why pure extortion is replacing traditional ransomware

 | 

Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets

 | 

Authorities arrest 23-year-old accused of running the Kimwolf botnet

 | 

One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure

 | 

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

 | 

Global law enforcement operation takes First VPN offline

 | 

Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown

 | 

Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix

 | 

Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

 | 

Discord adds end-to-end encryption to voice and video calls by default

 | 

CVE-2026-26980

Pierluigi Paganini May 25, 2026
Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

Attackers are exploiting the patched Ghost CMS flaw CVE-2026-26980, compromising over 700 unpatched sites, including universities. Threat actors are actively exploiting a security flaw, tracked as CVE-2026-26980, in Ghost CMS that was fixed months ago in real attacks against unpatched websites. According to Qianxin, the campaign has already affected more than 700 sites, including well-known organizations and […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites

Cyber Crime / May 25, 2026

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

Cyber Crime / May 25, 2026

Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning

Security / May 25, 2026

Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation

Intelligence / May 25, 2026

FBI director Kash Patel’s brand website taken offline after malware reports

Security / May 25, 2026