SITREP: A significant campaign is currently exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS. This exploitation allows for the injection of malicious JavaScript code, which activates ClickFix attack flows.

TACTICAL ASSESSMENT: The exploitation of this vulnerability indicates a heightened risk for organizations using Ghost CMS, potentially leading to widespread disruptions. This incident underscores the ongoing threat posed by cyber actors leveraging known vulnerabilities for large-scale attacks.

PROJECTED VECTORS: It is likely that the campaign will expand, targeting additional systems and users of Ghost CMS as awareness of the vulnerability grows.