> TritonInfoSec News
Home / May 26, 2026 / Story
0
#2 The Hacker News general May 25, 2026 at 12:02 UTC

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

By [email protected] (The Hacker News)

AI Summary

CVE-2026-26980, a CVSS 9.4 SQL injection vulnerability in Ghost CMS's Content API, is being actively exploited by threat actors to inject malicious JavaScript into 700+ compromised websites — including those of Harvard, Oxford, and DuckDuckGo — to deliver ClickFix social engineering attacks. The exploitation was documented by QiAnXin XLab and requires no authentication, making mass exploitation straightforward. Security teams running Ghost CMS should patch immediately and audit for unauthorized JavaScript injections.

Read full article → https://thehackernews.com/2026/05/ghost-cms-cve-20…

Relevance score: 86.0/100

# More from May 26

  1. 1
    Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Krebs on Security
  2. 3
    Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack SecurityWeek
  3. 4
    TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO The Hacker News
  4. 5
    Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms The Hacker News
  5. 6
    FBI warns of Kali365 phishing service targeting Microsoft 365 accounts BleepingComputer
  6. 7
    Laravel-Lang Packages Poisoned for Malware Delivery SecurityWeek
  7. 8
    Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects SecurityWeek
  8. 9
    DocketWise Data Breach Impacts 143,000 SecurityWeek
  9. 10
    266,000 Affected by Data Breach at Radiology Associates of Richmond SecurityWeek