Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
ZDNet

Websense: UN, UK sites compromised by JavaScript injection

Websense on Tuesday said that the UN and UK government sites are being attacked in a mass JavaScript injection attack. According to Websense: Websense Security Labs has been tracking a recent ...
ZDNet

GoDaddy removes JavaScript injection which tracks website performance, but might break it too

GoDaddy is injecting JavaScript into customer websites for the purposes of tracking which may slow down websites or break them entirely. According to programmer Igor Kromin, issues with his own ...
Bleeping Computer

Brave now lets you inject custom JavaScript to tweak websites

Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing ...