Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
SecurityWeek

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.
AARP

Medicare Relaxes Rules for Agents, Brokers Before Open Enrollment This Fall

Critics worry whether Medicare agents and brokers will be transparent about what they can offer and can’t for people who want ...
The Caledonian-Record

MMJ International Holdings Rejects "Anti-Marijuana" Label, Defends Science Based Standards for Cannabinoid Medicines

Clinical-Stage Pharmaceutical Developer Says Recent Coverage Misses the Real Story: Marijuana Chemistry, Safety, and ...

Sarasota County's priciest Casey Key home sale in 12 months closes at $9M

The beachfront home built to withstand catastrophic storms at 4005 Casey Key Road in Nokomis, is set on a half-acre and spans ...

WordPress 7.0 Launches With Native AI Integration

WordPress 7.0 arrives without real-time collaboration, but its native AI infrastructure was always going to be the defining ...
Tech Times

WordPress 7.0 Ships AI Agent Infrastructure: API Key Theft Risk Surfaces on Launch Day

WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been ...
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Clear your calendar, Drupal user: You have a critically urgent patch to install

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the ...