Mastodawn

Bonfire 1.0.3: Stability, Clarity, and Federated Publishing. https://bonfirenetworks.org/posts/bonfire-1-0-3-stability-clarity-and-federated-publishing/ #bonfire #fediverse #GhostCMS

Bonfire 1.0.3: Stability, Clarity, and Federated Publishing

Since the 1.0 release of Bonfire Social, we've been heads-down listening to our our pilot communities, beta testers, and co-design partners. Version 1.0.3 is the result: a release focused on stability and polish, which fixes a wide range of bugs and brings meaningful usability improvements, especially around feeds, boundaries, and more advanced features.

CyberNetsecIO 3d ago

📰 Critical Ghost CMS Flaw (CVE-2026-26980) Exploited to Inject Malware on 700+ Sites

📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/ghost-cms-flaw-cve-2026-26980-exploited-to-inject-malware/?utm_source=masto…

Jody Still Writes 3d ago

Phew! Finally got my "Things Invisible to See" blog moved off Substack. To use my existing #GhostCMS , I grouped posts as collections. Also reviewed each post before republishing. About half of them needed to just float off into the ether.
https://www.breadandstories.com/thingsinvisible/the-machine-stops/

The Machine Stops

“Beware of first-hand ideas!”

Bread and Stories

Federated Mind 3d ago

Ghost is reporting issues with posting and updating pages:

https://ghoststatus.org/incidents/01KT1RMYSQQX35X59G899Q160W

#ghostCMS #fediverse

Issues with posting and updating pages - Ghost Status

Most updates appear to be going through quickly now. We're working with our upstream provider to resolve this issue.

Ghost Status

Federated Mind 3d ago

Ghost is reporting issues with posting and updating pages:

https://ghoststatus.org/incidents/01KT1RMYSQQX35X59G899Q160W

#ghostCMS #fediverse

Issues with posting and updating pages - Ghost Status

Most updates appear to be going through quickly now. We're working with our upstream provider to resolve this issue.

Ghost Status

Rob Anderson 6d ago

Update your #GhostCMS deployments if you haven’t already, there’s an SQL injection vulnerability that can be used to get internal API keys and take over your site.

They tried to change the theme on one of mine to one with a client-side crypto miner.

https://github.com/advisories/GHSA-w52v-v783-gw97

#opsec #devops #it #WebDev

CVE-2026-26980 - GitHub Advisory Database

Ghost has a SQL injection in Content API

GitHub

Nicholas A. Ferrell May 26

Pook-Emu Bee: Links For 05-26-26

I am a bit late on today's Pook-Emu Bee links, but the links are better late than never. 1. Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign (Bill Toulas for Bleeping Computer. May 24, 2026.) PSA for those of your running Ghost. Not WordPress, for once. Winning over here. 2. Former Nintendo exec confirms NES and SNES Classics were made to sustain the company's business during Wii U's dark days (Brian at Nintendo Everything. May 23, 2026.) I had taken it for granted […]

https://social.emucafe.org/naferrell/pook-emu-bee-links-for-05-26-26/

[Article] Pook-Emu Bee: Links For 05-26-26

Seven links for May 26, 2026, covering topics including CVEs in Ghost CMS, Kana Hanazawa auditions, Minesweeper, and the great Wilt Chamberlain.

The Emu Café Social

Sam Stepanyan

🐘May 26

#GhostCMS: Critical SQL Injection vulnerability impacts #Ghost 3.24.0 through 6.19.0, and allows unauthenticated attackers to read arbitrary data from the website database, including the admin API keys (CVE-2026-26980):
👇
https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

BleepingComputer

Analyst207 May 25

Ghost CMS Flaw Exploited to Hijack Over 700 Sites in ClickFix Attacks

Over 700 websites were hijacked in a massive campaign that exploited a critical Ghost CMS vulnerability, turning legitimate pages into gateways for Windows malware. This alarming attack was made possible by CVE-2026-26980, an SQL injection flaw with a near-perfect CVSS score of 9.4.

https://osintsights.com/ghost-cms-flaw-exploited-to-hijack-over-700-sites-in-clickfix-attacks?utm_source=mastodon&utm_medium=social

#GhostCms #Cve202626980 #SqlInjection #Clickfix #WindowsMalware

Ghost CMS Flaw Exploited to Hijack Over 700 Sites in ClickFix Attacks

Learn how CVE-2026-26980 in Ghost CMS was exploited to hijack 700+ sites. Discover security measures to protect your site now and prevent similar attacks.

OSINTSights

Taran Rampersad May 25

Ghost sql injection...

https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/amp/

#ghostcms #infosec

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

BleepingComputer