A large-scale malware campaign has compromised over 700 websites, primarily in the education and tech sectors, by exploiting a critical vulnerability in the Ghost Content Management System. The attackers inject a fake Cloudflare verification step that deceives visitors into executing a malicious Windows command, which installs malware. This is characteristic of "ClickFix" attacks, a social engineering tactic that relies on tricking users into running harmful commands on their own systems. The campaign's scope and its use of trusted organizations' websites, including universities and tech companies, underscore its potential impact: the vulnerability is being leveraged to turn legitimate websites into malware delivery platforms, putting their visitors at risk. The campaign's success highlights the importance of prompt patching and user awareness, since a single misstep can lead to malware infection. A proactive approach to security is crucial to preventing such attacks.