A routine security step has become a doorway for cybercriminals. Here’s how the fake-CAPTCHA scam works, why it catches ...

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

Hackers are using this insidious scam to get unwitting victims to install malware themselves.

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

ClickFix campaigns are gaining steam according to various security researchers, with recent campaigns spotted across the globe from a wide swath of cyberattackers. The increasingly popular tactic ...

ClickFix attack employs fake Windows security udpates. Updated November 27 with another Windows update warning, along with threat intelligence from the Acronis Threat Research Unit regarding the use ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Proofpoint says multiple state-sponsored groups seen using ClickFix attack technique Russians, North Koreans, and Iranians all involved State-sponsored actors are mostly engaged in cyber-espionage The ...

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...

Security researchers found ClickFix attacks evolving to target other operating systems On Android and iOS, the attack is particularly worrisome, as it transforms into a drive-by attack The malware is ...

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and persistence on compromised systems. ClickFix, a one-shot social engineering ...