Dossier
malicious JavaScript code
Coverage of malicious JavaScript code in the Nexus archive.
- Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code, enabling ClickFix attack flows. The flaw allows attackers to execute arbitrary SQL commands and compromise affected websites.