Absolutely wild that a major publisher has been serving malware for this long with seemingly no one at the wheel. Ongoing security incident.

Edit: looks like this is an ongoing thing, there's a breach of Ghost CMS[1]. OTOH there's a patch for this, so not sure who's screwing up here.

[1] https://socprime.com/active-threats/clickfix-campaign-hijack...