GHOST CMS FLAW FUELS MASSIVE CLICKFIX ATTACK

A critical SQL injection vulnerability in Ghost CMS is being actively exploited to deploy malicious JavaScript in a widespread ClickFix campaign. The flaw, tracked as CVE-2026-26980, allows attackers to inject code that triggers fake tech support scams.