May 262026 Ghost CMS CVE-2026–26980 Exploited to Hijack 700+ Sites for ClickFix Attacks Ghost CMS flaw CVE-2026–26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
