A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week.

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week.

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week.