Over 700 education and tech websites hijacked in ClickFix malware campaign exploiting Ghost CMS flaw
By Pieter Arntz
Summary
Attackers are exploiting a critical vulnerability in Ghost Content Management System (CMS) to hijack over 700 legitimate websites, including those of universities and tech companies. The compromised sites display fake Cloudflare verification pages that trick visitors into running Windows commands that install malware. This "ClickFix" social engineering campaign turns trusted websites into malware delivery platforms by pressuring users to copy and execute malicious PowerShell commands under the guise of verifying they are human.
Key quotes
Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware.
These social engineering campaigns—where website visitors are tricked into running malicious commands on their systems—are commonly known as 'ClickFix' attacks.
In this case, cybercriminals turned websites belonging to trusted organizations, including universities and tech companies, into delivery platforms for the malware campaign.
