Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.
GitHub

intro_gemini_data_analytics_sdk.ipynb

We recommend (though do not require) you follow our example system_instruction below and fill out the stringified YAML template provided with field instructions, validated ("golden") queries, ...
GitHub

raft-medium-directories.txt

cgi-bin images admin includes modules templates cache wp-admin search wp-content wp-includes media js tmp language scripts user plugins administrator components installation css libraries themes misc ...