Security Report – 05 Jun 2026

Exploit: Third-Party Data Breach

Risk to Business: Moderate: Mosman Council, a local government authority in Sydney, is investigating a cyber incident involving a breach of a third-party digital platform used to support the management and delivery of some of its community services. According to a statement issued by the council on May 26, the incident appears to be part of a broader breach affecting multiple customers of the third-party provider. The council said the affected system is operated externally and is currently working to understand the scope of the incident. The nature and extent of the data accessed, along with any personal information that may have been compromised, remains under investigation.

United States – Ghost CMS – Technology 

Exploit: Zero-day vulnerability

Risk to Business: Moderate: A critical vulnerability in the Ghost content management system (CMS), patched earlier this year, is now being actively exploited in a large-scale campaign that has impacted hundreds of websites belonging to major organisations. Ghost is a widely used open-source CMS built for blogging, newsletters and publishing. Threat actors are exploiting a critical SQL injection vulnerability in Ghost, tracked as CVE-2026-26980, that was patched in February. Successful exploitation can allow attackers to manipulate database requests and gain unauthorised access to backend systems. Reports also indicate that attackers are combining the exploit with ClickFix social engineering techniques, increasing the effectiveness of the attacks. Security researchers have identified more than 700 compromised websites in the campaign, including those belonging to major universities and technology companies.

Talk to a TCT team member today about implementing Cyber Security strategy plan for your business.