Threat actors are exploiting a recently disclosed critical
security flaw in Ghost CMS to inject malicious JavaScript code with
an aim to fuel ClickFix attacks. According to QiAnXin XLab, the
activity involves the exploitation of CVE-2026-26980 (CVSS score:
9.4), an SQL injection vulnerability in Ghost's Content API that
could allow an unauthenticated attacker to read arbitrary data from
the
Read more https://thehackernews.com/2026/05/ghost-cms-cve-2026-26980-exploited-to.html
