THREATNOIR
Subscribe
Back to show
Red vs Blue Show

Ghost CMS SQL Injection Owns 700 Sites

May 26, 2026 · 1:40

A SQL injection vulnerability in Ghost CMS (CVE-2026-26980) allowed attackers to extract Admin API keys from approximately 700 sites including Harvard, Oxf…

X

Watch next

340 Million OnlyFans Records Stitched From Old Leaks
1:00

340 Million OnlyFans Records Stitched From Old Leaks

May 25, 2026

Eight-Year-Old Bug Powers Million-Router Botnet
1:40

Eight-Year-Old Bug Powers Million-Router Botnet

May 24, 2026

Malicious Postinstall Hooks Lurk in 700+ Repos
1:40

Malicious Postinstall Hooks Lurk in 700+ Repos

May 23, 2026

Defender Zero-Days Exploited Before Patch Tuesday
1:40

Defender Zero-Days Exploited Before Patch Tuesday

May 22, 2026

SonicWall MFA Bypass: Patched but Still Wide Open
1:40

SonicWall MFA Bypass: Patched but Still Wide Open

May 21, 2026

47 Zero-Days Drop at Pwn2Own Berlin
1:40

47 Zero-Days Drop at Pwn2Own Berlin

May 20, 2026

SHub Reaper Spoofs Apple Updates to Steal Everything
1:40

SHub Reaper Spoofs Apple Updates to Steal Everything

May 19, 2026

Tycoon2FA Weaponizes Device-Code Phishing for M365
1:40

Tycoon2FA Weaponizes Device-Code Phishing for M365

May 18, 2026

16-Year-Old NGINX Flaw Now Has Public Exploit
1:40

16-Year-Old NGINX Flaw Now Has Public Exploit

May 17, 2026