TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

A routine security step has become a doorway for cybercriminals. Here’s how the fake-CAPTCHA scam works, why it catches ...

Security researchers found ClickFix attacks evolving to target other operating systems On Android and iOS, the attack is particularly worrisome, as it transforms into a drive-by attack The malware is ...

ClickFix campaigns are gaining steam according to various security researchers, with recent campaigns spotted across the globe from a wide swath of cyberattackers. The increasingly popular tactic ...

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

ClickFix attack employs fake Windows security udpates. Updated November 27 with another Windows update warning, along with threat intelligence from the Acronis Threat Research Unit regarding the use ...

Proofpoint says multiple state-sponsored groups seen using ClickFix attack technique Russians, North Koreans, and Iranians all involved State-sponsored actors are mostly engaged in cyber-espionage The ...

ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating ...

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and persistence on compromised systems. ClickFix, a one-shot social engineering ...