A patched SQL injection flaw in Ghost CMS has been mass exploited.

A recently patched SQL injection flaw in Ghost CMS has been exploited in mass attacks against unpatched sites. Threat actors stole Admin API keys and injected malicious JavaScript into articles, enabling large‑scale ClickFix attacks. More than 700 websites including those of Harvard, Oxford, and DuckDuckGo were compromised. Security researchers report that at least two attacker groups are competing by repeatedly overwriting each other’s malicious code.

Read more:

https://www.securityweek.com/ghost-cms-vulnerability-exploited-to-hack-over-700-websites/