
700+ education and tech websites hijacked in huge ClickFix malware campaign

ID: b070788b-1365-5132-8000-e72d6df95dcc

STIX ID: report--b070788b-1365-5132-8000-e72d6df95dcc

Feed Name: Security Boulevard

Threat Score: 75/100

Date Published: 2026-05-26

Date Updated: 2026-05-26

Author: Malwarebytes


Malwarebytes reports a large ClickFix campaign exploiting a critical Ghost CMS SQL injection (CVE-2026-26980) affecting Ghost versions 3.24.0–6.19.0. Attackers compromised 700+ sites, stole Admin API keys, and injected malicious JavaScript that shows fake Cloudflare/CAPTCHA dialogs and tricks visitors into copy-pasting and running Windows commands that install malware. Site operators should patch Ghost immediately, and users should avoid running commands from web pages.
