Key Findings Attackers are actively exploiting CVE-2026-26980, a patched SQL injection flaw in Ghost CMS, to compromise over 700 unpatched websites The vulnerability allows unauthorized access to admin API keys, enabling attackers to inject malicious JavaScript into published articles Compromised sites are being weaponized to deliver ClickFix attacks, tricking users into running malicious commands via fake CAPTCHA pages Affected organizations include universities, media outle