Qianxin X-Lab
xlab-qianxin · B · active
https://blog.xlab.qianxin.com/
Chinese threat-intel research lab (Qianxin X-Lab); primary discoverer of the in-window Ghost CMS CVE-2026-26980 mass-exploitation / ClickFix wave (contributed 2026-05-25, often ahead of Western labs). Added 2026-05-25. Candidate - promote to active after 3 runs with content contribution. | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → rss: python3 tools/fetch_source.py feed https://blog.xlab.qianxin.com/rss/ 5 (Ghost feed; pick the -en/ English slug) then bridge url <article-en URL> for body. AVOID: WebFetch 403s the host — skip it; /index.xml is 404 (it is a Ghost blog, use /rss/). Feed carries both Chinese and English versions of each post — prefer the '-en' English slug.. | 2026-07-05 admiralty audit: B (up from MEDIUM) — original telemetry-driven botnet/malware research, frequently first-to-report; no status change (active). Prefer English -en slugs.
Cited in 5 entries
Citation cadence
Citation days per ISO week (5 weeks of coverage span, total 2).
- AryStinger: a reconnaissance-and-proxy botnet built on end-of-life D-Link routers and QNAP NAS2026-06-22
- Large-scale ClickFix campaign mass-compromises self-hosted Ghost CMS sites via CVE-2026-269802026-05-25
- Ghost CMS CVE-2026-26980 → ClickFix: the CMS-compromise-to-endpoint kill chain2026-05-25
- CVE-2026-26980 — Ghost CMS unauthenticated blind SQL injection, mass-exploited into a ClickFix infostealer chain2026-05-25
- CVE-2026-26980 — Ghost CMS Content API: unauthenticated blind SQL injection in the slug filter, actively exploited2026-05-25