Ghost A.I CyberSecurity Scoring
Ghost
Company Information
Website:https://ghost.org
Employees number:119
Number of followers:13,346
NAICS:51913
Industry Type:Internet Publishing
Homepage:ghost.org
Ghost Risk Score (AI oriented)
Between 700 and 749
GhostInternet Publishing
Updated:
26/05/2026
26/05/2026
736/1000
Moderate
Ba
Ghost Global Score (TPRM)
xxxx
GhostInternet Publishing
Score locked

GhostModerate
Current Score
736Ba (MODERATE)
01000
1 incidents
-19 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
736
JUNE 2026
736
MAY 2026
754
Cyber Attack
07 May 2026 • Ghost
DuckDuckGo, Harvard University and Ghost: Critical Ghost CMS Vulnerability Exploited to Hack 700+ Websites
Critical Ghost CMS Vulnerability Exploited in Large-Scale Malware Campaign
735
CRITICAL-19
DUCHARGHO1779798590
Critical Ghost CMS Vulnerability Exploited in Large-Scale Malware Campaign
A severe SQL injection flaw in the Ghost content management system (CMS), tracked as CVE-2026-26980, has been exploited in a widespread cyberattack compromising over 700 websites, including platforms linked to Harvard University, the University of Oxford, and DuckDuckGo. The campaign, uncovered by Chinese cybersecurity firm QiAnXin’s XLab team, leverages unpatched Ghost installations to inject malicious JavaScript, enabling ClickFix malware attacks.
The vulnerability, disclosed and patched in February 2026 (Ghost version 6.19.1), carries a CVSS score of 9.4, reflecting its critical severity. It allows unauthenticated attackers to extract sensitive data including Admin API keys, user credentials, and authentication tokens via Ghost’s Content API. Once obtained, the Admin API key grants attackers the ability to modify published articles and embed malicious code without authorization.
Exploitation began almost immediately after the patch’s release, with a DLL file linked to the campaign compiled on February 16, 2026, the same day the fix was announced. The first malicious activity was detected on May 7, 2026, with hundreds of Ghost-powered sites compromised by early May. Victims span AI, blockchain, cybersecurity, fintech, media, SaaS, and higher education, though nearly half were personal blogs or independent sites.
Attackers injected two-stage JavaScript loaders into website articles, directing visitors to an external domain (clo4shara[.]xyz/11z77u3.php) to fetch additional payloads. The infrastructure used Adspect, a commercial cloaking service, to fingerprint visitors and selectively deliver malware, evading detection by automated scanners. QiAnXin noted that at least two threat groups are actively competing in these "poisoning operations," with some sites receiving multiple malicious code injections in a single day.
Despite notifications, most compromised sites failed to respond, leaving the campaign ongoing. The attack highlights the risks of delayed patching in widely used CMS platforms.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
754
MARCH 2026
754
FEBRUARY 2026
754
JANUARY 2026
754
DECEMBER 2025
754
NOVEMBER 2025
754
OCTOBER 2025
754
SEPTEMBER 2025
754
AUGUST 2025
754
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Ghost ??
What was Ghost's A.I Rankiteo Cyber Score in June 2026 ??
What was Ghost's A.I Rankiteo Cyber Score in May 2026 ??
What was Ghost's A.I Rankiteo Cyber Score in April 2026 ??
What was Ghost's A.I Rankiteo Cyber Score in March 2026 ??
What was Ghost's A.I Rankiteo Cyber Score in February 2026 ??
What was Ghost's A.I Rankiteo Cyber Score in January 2026 ??
What was Ghost's A.I Rankiteo Cyber Score in December 2025 ??
What was Ghost's A.I Rankiteo Cyber Score in November 2025 ??
What was Ghost's A.I Rankiteo Cyber Score in October 2025 ??
What was Ghost's A.I Rankiteo Cyber Score in September 2025 ??
What was Ghost's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Ghost's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Ghost ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Ghost's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?