← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks
WHITE Tr1sa111 2026-05-24 Modified: 2026-05-24
33
IOCs
MEDIUM VOLUME
sql injectioncloakinginstaller.dllnotepadplusplus.dllclickfixghost cmsinformation stealermass compromiseutilifysetup.execve-2026-26980fakecaptcha
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
installer.dll UtilifySetup.exe NotepadPlusPlus.dll
Indicators of Compromise (5 / 33 total)
All FileHash-MD5 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 18a7251ddde77ed24bc54700d84d9be1 2026-05-24
FileHash-MD5 5659292833ec421da11ebde005d9c9a8 2026-05-24
FileHash-MD5 d30cc10d54ebc967c8538ff74f442eee 2026-05-24
FileHash-MD5 f280e12f51f996dae7fffc64a56ee527 2026-05-24
FileHash-MD5 fceca579efcef09eb507c6ca977ea281 2026-05-24
References (1)
↗ https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/