Your next phone or EV could run on a recycled battery that performs nearly as well as a new one. Cornell University researchers have developed a new recycling technique that restores spent lithium-ion cells to up to 95% of their original capacity, while cutting recycling costs by 56%.
A bath instead of a shredder
Current battery recycling techniques are largely destructive. Spent cells are either smelted at extreme temperatures or crushed into a powder and processed with harsh acids to extract usable materials. The recovered components then have to be rebuilt from scratch before they can go into a new battery.
Cornell’s method, as reported by TechXplore, skips all of that. The direct electrode-to-electrode regeneration (DEER) method involves removing a spent battery’s electrodes and soaking them in an electrochemical solution that dissolves the insulating layer responsible for capacity loss. The cleaned electrodes can then go straight into a new cell without being broken down first.
Why it matters beyond the lab
The US relies heavily on imported nickel and cobalt to manufacture lithium-ion batteries, and domestic recycling infrastructure is limited. A process that shortens the recycling loop and keeps more material in circulation addresses both cost and supply chain vulnerabilities.
The Cornell team also found that DEER reduces harmful air pollutants and water use compared to conventional recycling methods. The researchers currently target batteries at 70 to 80% of their original capacity, which is the typical condition of an EV battery pack at the end of life. Next steps include testing the process on industrial-scale batteries and tackling other forms of degradation, such as lithium loss.
If the technique scales, it could mean cheaper batteries, less mining pressure, and fewer spent cells ending up in landfills.
Threat actors are actively exploiting a security flaw, tracked as CVE-2026-26980, in Ghost CMS that was fixed months ago in real attacks against unpatched websites. According to Qianxin, the campaign has already affected more than 700 sites, including well-known organizations and universities.
The vulnerability is an SQL injection issue in Ghost’s Content API that can let an attacker read data from the database without logging in. In the worst case, this can expose the Admin API key, which can allow attackers to take over the site.
That key matters because it can be used to change published content. In this campaign, attackers used it to edit articles on compromised Ghost sites and insert malicious JavaScript at the end of pages. The goal was not just defacement, but to turn trusted websites into launch points for further malware delivery.
“After an in-depth investigation and analysis, we determined that this was not a targeted intrusion against the customer, but rather a large-scale poisoning campaign by an in-the-wild attack group targeting Ghost CMS. Although CVE-2026-26980 was publicly disclosed as early as February 19, a large number of users did not patch and upgrade in time, providing an opportunity for attackers.” reads the advisory published by Qianxin. “At least two groups are currently actively conducting such poisoning operations, and some sites have even become the target of competition between the two parties, with different malicious code being implanted one after another within a single day.”
The inserted code led visitors through a two-step chain. First, the page loaded a remote script that checked the browser and decided what the visitor should see. Then real victims were redirected to a fake verification page that looked like a normal “I’m human” check.
This is where the ClickFix part began. The page told users to press Windows+R, paste a command, and hit Enter. In practice, that command downloaded and started a malware payload on the victim’s machine. It was a classic social engineering trick: make the user do the dangerous part themselves.
Qianxin says the first signs of this activity appeared in early May. The malicious code found in the campaign had a compilation date of February 16, the same day Ghost announced the fix for CVE-2026-26980. That suggests the attackers moved quickly once they saw how many sites had not been updated.
The affected websites cover a wide range of sectors. Roughly half are personal blogs or independent sites, but the list also includes technology blogs, AI sites, media outlets, crypto projects, and educational institutions. Qianxin researchers say victims include sites linked to Harvard, Oxford, and DuckDuckGo.
The attack chain was also designed to be flexible. The loaders could fetch different payloads depending on the target, and the operators changed infrastructure several times.
“entire attack process has obvious five-stage characteristics of “CMS Takeover → Page Poisoning → Two-stage Loading → Social Engineering Lure (FakeCaptcha/ClickFix) → Malware Delivery”, and the entire process is highly automated: bulk vulnerability scanning → automatic key extraction → bulk injection → dynamic C2 distribution.” states the report.
In some cases, they switched domains after detection, keeping the campaign alive even when part of the chain was blocked.
“Through feature scanning of publicly accessible pages, we have cumulatively identified more than 700 poisoned victim domains, and have proactively contacted the sites for which contact information could be obtained, notifying them of the poisoning.” continues the report.
Qianxin also believes at least two different groups are involved. In some cases, the same site was hit more than once, with one attacker replacing the code left by another. That makes the campaign harder to clean up and shows how attractive compromised Ghost sites have become for abuse.
For site owners, the advice is straightforward. Ghost should be updated immediately, all credentials should be rotated, and site logs should be reviewed for suspicious admin API activity. Any injected scripts should be removed from the database itself, not just from the visual editor. Visitors who may have reached a poisoned site should also be warned.
The report includes Indicators of Compromise (IoCs) for the attacks observed by the researchers.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
May 25, 2026
