Ghost CMS SQL injection flaw exploited in large
Source: Bleepingcomputer
Published:
<p>A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.</p> <p>The campaign was discovered by XLab threat intelligence researchers at Chinese cybersecurity company Qianxin, w