A critical security alert has emerged regarding a cyber assault targeting web servers globally, driven by a Ghost CMS poisoning campaign exploiting vulnerabilities to distribute malware. The attack leverages a high-risk SQL injection vulnerability (CVE-2026-26980) to gain unauthorized access to websites, allowing attackers to modify content and embed malicious JavaScript. The targeted sites mislead users through fake verification portals that prompt dangerous downloads.
Over 700 domains in various sectors, including educational institutions, have been affected. Analysts note intense competition among attackers for control over the same vulnerabilities. Immediate remediation measures include patching vulnerabilities, updating controls, and monitoring for unauthorized backend access.