Vulnerabilities5 min read
700 Sites Hijacked as Ghost CMS SQLi Fuels ClickFix Attacks
Attackers exploit CVE-2026-26980 to steal admin API keys and inject malicious scripts across 700+ Ghost CMS sites, including Harvard and Oxford. Patch now.
Marcus ChenMay 24, 2026