DomainMediumSignal 75/100

`updatesecurity.pro`

First Seen

May 18, 2026

Last Seen

Jun 4, 2026

May 18

First Seen

24d ago

Jun 4

Last Seen

8d ago

Reports

source reports

75%

Confidence

medium

Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

75%

Signal Score

75 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

19 techniques

Feed Intelligence Summary

8 reports75% confidence

Source reports

75%

Confidence score

Category tags

cloakingeducationfakecaptchafinance and insuranceghost cmsindicatorinformation stealerinfostealerinjection activitymass compromisemedianetworkransomwareresearchedscams & fraudsql injectiont1027t1055t1059.001t1059.003t1059.007t1071.001t1102t1105t1132.001t1140t1190t1204t1212t1218.011t1547.001t1566t1573t1583.001t1583.006targeting databasethreat actor

Activity Timeline

1 total obs

Jun 4Jun 4

Threat Activity Heatmap

· Peak: 2026-06-04

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **updatesecurity.pro** has emerged as a significant indicator of compromise (IOC) associated with malware and ransomware activities, first observed on May

Threat ScoreHigh Risk

SIGNAL

Signal Score

75%

Confidence

Reports

First seenMay 18, 2026

Last seenJun 4, 2026

VirusTotal

Not checked

WHOIS

description: Attackers exploited CVE-2026-26980, a critical SQL injection vulnerability in Ghost CMS, to obtain Admin API Keys without authorization and conduct mass website poisoning campaigns. Over 700 domains across multiple industries including universities, blockchain, AI, security research, and media were compromised. The attack chain involves CMS takeover, page poisoning with malicious JavaScript loaders, two-stage cloaking scripts, and FakeCaptcha social engineering to trick users into executing malicious commands. Two distinct threat groups are actively exploiting unpatched Ghost CMS installations, delivering information stealers and remote access tools. Compromised sites include Harvard University, Oxford University, and Auburn University. The attacks leverage users' trust in legitimate websites to increase success rates of ClickFix-type attacks, with payloads being dynamically distributed through Cloudflare-proxied domains.
domain rank: -1
references: https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/
subdomains count: 0

`updatesecurity.pro`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy