Hackers are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to compromise websites and distribute ClickFix malware through large-scale page-poisoning attacks. The vulnerability allows attackers to extract sensitive database contents without authentication, including the Ghost Admin API Key. Unlike the read-only Content API Key, this administrative key grants full control over posts […]

The post Ghost CMS Vulnerability Exploited to Infect 700 Sites With ClickFix Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.