Ghost CMS SQLi, Drupal Flaw, Cisco 10.0 Bug – Infosec Briefing

In today's Lode Infosec Briefing: A massive ClickFix campaign exploits a critical SQL injection in Ghost CMS affecting over 700 sites including Harvard and DuckDuckGo. CISA flags a Drupal Core SQLi bug as actively exploited. Plus, Cisco fixes a CVSS 10.0 authentication bypass in Secure Workload. Stay informed.

Chapters:
0:00 Intro
0:19 Ghost CMS Critical SQL Injection Exploited in Massive ClickFix Campaign
1:00 CISA flags Drupal Core SQLi (CVE‑2026‑9082) as actively exploited
1:27 Cisco fixes CVSS 10.0 Secure Workload API auth bypass
1:57 Outro

Sources:
• Ghost CMS Critical SQL Injection Exploited in Massive ClickFix Campaign — https://www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/
• CISA flags Drupal Core SQLi (CVE‑2026‑9082) as actively exploited — https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• Cisco fixes CVSS 10.0 Secure Workload API auth bypass — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy

Full briefing & links: https://news.lodehq.com/a/infosec/2026-05-27

Видео Ghost CMS SQLi, Drupal Flaw, Cisco 10.0 Bug – Infosec Briefing канала LodeHQ