Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack. The post Ghost CMS Vulnerability Exploited to Hack Over 700 Websites appeared first on SecurityWeek.
A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin.
The exploited vulnerability is tracked as CVE-2026-26980 and its existence came to light in February when it was patched.
Ghost is a widely used open source CMS designed specifically for blogging, newsletters, and publishing, offering built-in tools for memberships, subscriptions, and audience monetization. According to its developer, Ghost is actively used by over 100,000 websites.
Source: https://www.securityweek.com/ghost-cms-vulnerability-exploited-to-hack-over-700-websites/
Related breach coverage
- Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities2026-06-02
Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek.
- Oracle WebLogic Vulnerability Exploited in the Wild2026-06-02
The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers. The post Oracle WebLogic Vulnerability Exploited in the Wild appeared first on SecurityWeek.
- WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites2026-06-01
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek.
- Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks2026-05-28
Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching. The post Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks appeared first on SecurityWeek.