top of page
ALL POSTS
Ghost CMS Vulnerability Exploited in Large-Scale ClickFix Campaign Affecting Hundreds of Sites
Key Findings Attackers are actively exploiting CVE-2026-26980, a patched SQL injection flaw in Ghost CMS, to compromise over 700 unpatched websites The vulnerability allows unauthorized access to admin API keys, enabling attackers to inject malicious JavaScript into published articles Compromised sites are being weaponized to deliver ClickFix attacks, tricking users into running malicious commands via fake CAPTCHA pages Affected organizations include universities, media outle
May 254 min read
CVE-2026-42208: LiteLLM SQL Injection Vulnerability Exploited Within 36 Hours of Public Disclosure
Key Findings Critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM Python package exploited within 36 hours of public disclosure Affects versions 1.81.16 through 1.83.6; patched in version 1.83.7 released April 19, 2026 First exploitation attempt recorded April 26 at 16:17 UTC from IP 65.111.27.132 Threat actor demonstrated precise knowledge of LiteLLM database schema, targeting high-value credential tables No confirmed data theft or credential
Apr 293 min read
CVE-2026-1604: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets (Updated)
Key Findings Ivanti released security patches for its Endpoint Manager (EPM) product, addressing two critical vulnerabilities. The most severe flaw, CVE-2026-1603, is a high-severity authentication bypass (CVSS 8.6) that allows remote unauthenticated attackers to access stored credentials. The second vulnerability, CVE-2026-1602, is a medium-severity SQL injection flaw (CVSS 6.5) that could enable data theft by authenticated attackers. There is no evidence of these vulnerabil
Feb 122 min read
bottom of page
