Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Checkout Refuses ShinyHunters Ransom, Donates Funds to Cybersecurity Research

  Checkout, a UK-based financial tech firm, recently suffered a data breach orchestrated by the cybercriminal group ShinyHunters, who have d...

All the recent news you need to know
WhatsApp Security
Cross-Platform Messaging Cyber Security Digital Markets Act Encrypted Communication EU Tech Regulation Messaging Compliance Meta Interoperability Secure Connectivity Third-Party Chats WhatsApp Security

Users Will Soon Text From External Apps Directly Inside WhatsApp

 


WhatsApp is taking a significant step towards ensuring greater digital openness across Europe by enabling seamless communication that extends beyond the borders of its own platform, making it closer to enabling seamless communication that extends beyond the confines of its platform itself. 

According to the requirements for interoperability outlined in the EU’s Digital Markets Act, the company is preparing to add third-party chat support to its chat services within the European Union. A new feature that is being offered by WhatsApp will allow users to communicate with users on other messaging services which are willing to integrate with the WhatsApp framework. This feature can be opted into by individuals who choose to opt in. 

An initial rollout, planned in Europe for both Android and iOS devices, will cover the basics like text, photos, videos, voice notes, and files, while a later phase will include a broader range of capabilities, including cross-platform group chats. 

The new system is offered as an option and can be controlled in the application's settings. However, WhatsApp's new features have been built in a way that ensures that end-to-end encryption standards are maintained within WhatsApp's existing security protocols, ensuring users' privacy is never compromised as a result of expanding connectivity. 

A few users in the European Union have reported a new "third-party chats" section in their WhatsApp account settings, which indicates that WhatsApp may be expanding its cross-platform ambitions. While this feature is still under development and has not yet been formally introduced, it gives a glimpse into how the platform intends to streamline communication across multiple platforms by making it easier to communicate. 

The Messenger app also offers users the option to sync their messages, photos, videos, voice messages, and documents with external apps, allowing them to exchange messages, photos, videos, voice notes, and documents with these apps or separate them into a separate section that is clearly identified and accessible to them.

It is important to note that some WhatsApp functions, including status posts, disappearing messages, and stickers, remain unsupported for the time being, and there are some limitations in place, such as the possibility of receiving messages from individuals previously blocked on WhatsApp who initiate contact through another platform. 

When users receive incoming message requests from third-party platforms, they can choose to respond immediately to messages or review them at their convenience according to how they want. In addition to providing a detailed preview of how the cross-platform experience will function once it has been released to a broader audience, WhatsApp’s testing phase will also give an in-depth look at how the cross-platform experience functions in real life. 

In parts of the European Union, Google is undergoing test trials regarding a new setting that exists within the app, known as "third-party chats," and allows users to exchange text messages, images, videos, voice notes, and documents with compatible external services through these third-party chats. In the beta period, BirdyChat seems to be the only app that is connected, but as more platforms adopt the required technical framework, there is expected to be a broader interoperability.

It is up to the user to decide whether to store these conversations in his or her primary inbox or separate folders based on his or her individual preferences. Some platform-specific tools, such as status updates, disappearing messages, and stickers, will not carry over to external exchanges, since they will only be accessible on WhatsApp. This feature is entirely optional, allowing those satisfied with WhatsApp's existing environment to leave it disabled. Further, WhatsApp blocked users are still able to reach out to those blocked via a third-party application, which the company has noted in its testing. 

Although WhatsApp's own communication channels continue to be encrypted end-to-end, the level of protection for messages that are exchanged with other platforms is a result of the encryption policies adopted by those services. The company maintains that it cannot read the content of chats sent by third parties, even when they are accessed through WhatsApp' interface. 

Despite months of controlled testing, what has been done to highlight the progress made through the cross-platform initiative is now moving into a broader rollout phase. As part of a recent announcement by the company, we learned that WhatsApp users in the European region will shortly be able to communicate directly with people using BirdyChat and Haiket by using the newly introduced third-party chat feature. 

Meta describes this advance as a key milestone that will help Meta meet the EU's requirements for interoperability under the Digital Markets Act of the European Union. The new feature will enable European users to send messages, images, voice notes, videos, and files via external platforms to their external contacts and as soon as partner services complete their own technical preparations, users will be able to exchange group messages and images with each other. 

A notification will appear in the Settings tab to guide users through the opt-in process as Meta plans to enter this feature gradually over the coming weeks. Currently, the feature is only compatible with Android and iOS, leaving desktop, web, and tablet versions of the app unaffected. 

As Meta points out, these partnerships were developed over the course of several years as a result of repeated efforts by European messaging providers and the European Commission to establish an interoperability framework that is both DMA-compliant and protects the privacy of users. It is mandatory for all third-party interactions to follow encryption protocols, which are consistent with WhatsApp's own end-to-end protections. 

Furthermore, the interface has been designed to make it easy for users to distinguish between native and external chats. The system was already previewed by Meta in late 2024, which included features like a dedicated folder for third-party messages and an alert system when a new external messaging service becomes available for use. In accordance with the Digital Markets Act, WhatsApp is under pressure to support only the most basic messaging functionality. 

However, WhatsApp is in the process of developing advanced features for third-party chat users who enable the function. A number of advanced interaction features will accompany the initial rollout of Meta's communication services, such as message reaction, threaded replies, typing indicator, and read receipts, ensuring a smoother and more familiar communication process across multiple services.

There is also a long-term roadmap that has been developed by the company, which includes the introduction of cross-platform group chats in 2025, as well as the implementation of voice and video calling by 2027, once technical integrations have matured. 

Aside from the fact that WhatsApp emphasizes that the wider availability of these features depends on how soon other messaging apps will embrace the necessary standards for interoperability, the company believes the ultimate goal is to create an intuitive, secure platform that allows users to seamlessly communicate across multiple platforms with ease and without any hassle.

A feature like the one listed above, as WhatsApp moves steadily towards a more integrated messaging ecosystem, will likely have a long-term impact that extends beyond the convenience it provides. As WhatsApp opens its doors to external platforms, it is positioning itself at the center of a unified digital communication landscape—one in which users will not have to juggle a variety of applications in order to remain in touch.

The shift provides consumers with greater flexibility, a wider reach, and fewer barriers between services, while for developers it creates a new competitive environment based on interoperability rather than isolation. It is quite likely that, if this transition is executed well, it will redefine how millions of people around the world navigate their daily lives.
Read more »
USA
Bulletproof hosting Cyber Crime media land Ransomware Russia USA

Governments sanction Russian “bulletproof” host for aiding ransomware networks

 



Authorities in the United States, the United Kingdom, and Australia have jointly imposed sanctions on a Russian bulletproof hosting provider accused of giving safe and long-term technical support to ransomware operators and other criminal groups. Officials say the newly sanctioned entities have played a central role in keeping several high-impact cybercrime operations online.

A bulletproof hosting service is a type of internet infrastructure provider that knowingly allows harmful activity on its servers. These companies rent out digital space and refuse to take down malicious websites, even when they receive complaints from victims or requests from law enforcement. Such services help threat actors conduct phishing campaigns, distribute malware, run command and control systems for their attacks, and host illegal content without fear of quick removal. This resistance to oversight makes it harder for investigators to disrupt cybercriminal networks.


Media Land and its linked companies named as key targets

The United States Treasury’s Office of Foreign Assets Control announced that Media Land, a Russia-based provider, has been added to the sanctions list along with three related firms: Media Land Technology, Data Center Kirishi, and ML Cloud. According to officials, Media Land’s infrastructure has been connected to well-known ransomware groups. It has also been tied to distributed denial-of-service attacks that targeted American companies, including systems categorized as critical infrastructure such as parts of the telecommunications sector.


Officials name individuals connected to the operation

Sanctions also extend to three people associated with Media Land. Aleksandr Volosovik has been identified as someone who promoted the company’s services on underground cybercriminal forums under the username Yalishanda. Another individual, Kirill Zatolokin, is accused of handling customer payments. A third person, Yulia Pankova, is said to have assisted with legal matters and financial management. The United Kingdom additionally stated that Volosovik has interacted with multiple cybercrime groups in the past.


Other companies involved in supporting the infrastructure

The sanctions package further includes Aeza Group LLC, another bulletproof hosting operator that had already been sanctioned earlier this year. Authorities say Aeza attempted to continue operating by using a UK-based company named Hypercore Ltd as a front. Additional entities in Serbia and Uzbekistan that provided technical assistance to the network have also been designated.


Government agencies issue defensive guidance

Along with the sanctions, cybersecurity agencies across the Five Eyes alliance released technical recommendations to help defenders identify and block activity linked to bulletproof hosting services. They suggest creating high-confidence lists of harmful internet resources based on verified threat intelligence, performing continuous monitoring of network traffic, and applying filtering rules at network boundaries while examining how those rules might affect legitimate users. The guidance also encourages service providers to maintain stronger onboarding checks for new customers since criminal operators often hide behind temporary email accounts or phone numbers.


Implications of the sanctions

All assets connected to the named individuals and companies within the United States, the United Kingdom, and Australia will now be frozen. Any organisation or person that continues to conduct transactions with them may face secondary sanctions or other enforcement actions. This step builds on earlier actions taken in February, when the three nations sanctioned ZServers, another Russian hosting operation, while Dutch authorities seized more than one hundred of its servers.

The coordinated announcement signals a growing international effort to dismantle the online infrastructure that ransomware groups depend on. It also reinforces the need for organisations to maintain strong cybersecurity practices, rely on reputable service providers, and monitor threat intelligence to reduce exposure to criminal activity.

Read more »
Mobile Spyware
Android Smartphone CVE CVE exploits CVE vulnerability CVEs Cyber Security Exploits Landfall mobile security measures Mobile Spyware

Samsung Zero-Day Exploit “Landfall” Targeted Galaxy Devices Before April Patch

 

A recently disclosed zero-day vulnerability affecting several of Samsung’s flagship smartphones has raised renewed concerns around mobile device security. Researchers from Palo Alto Networks’ Unit 42 revealed that attackers had been exploiting a flaw in Samsung’s image processing library, tracked as CVE-2025-21042, for months before a security fix was released. The vulnerability, which the researchers named “Landfall,” allowed threat actors to compromise devices using weaponized image files without requiring any interaction from the victim. 

The flaw impacted premium Samsung models across the Galaxy S22, S23, and S24 generations as well as the Galaxy Z Fold 4 and Galaxy Z Flip 4. Unit 42 found that attackers could embed malicious data into DNG image files, disguising them with .jpeg extensions to appear legitimate and avoid suspicion. These files could be delivered through everyday communication channels such as WhatsApp, where users are accustomed to receiving shared photos. Because the exploit required no clicks and relied solely on the image being processed, even careful users were at risk. 

Once installed, spyware leveraging Landfall could obtain access to sensitive data stored on the device, including photos, contacts, and location information. It was also capable of recording audio and collecting call logs, giving attackers broad surveillance capabilities. The targeting appeared focused primarily on users in the Middle East, with infections detected in countries such as Iraq, Iran, Turkey, and Morocco. Samsung was first alerted to the exploit in September 2024 and issued a patch in April, closing the zero-day vulnerability across affected devices.  

The seriousness of the flaw prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to place CVE-2025-21042 in its Known Exploited Vulnerabilities catalog, a list reserved for security issues actively abused in attacks. Federal agencies have been instructed to ensure that any vulnerable Samsung devices under their management are updated no later than December 1st, reflecting the urgency of mitigation efforts.  

For consumers, the incident underscores the importance of maintaining strong cybersecurity habits on mobile devices. Regularly updating the operating system is one of the most effective defenses against emerging exploits, as patches often include protections for newly discovered vulnerabilities. Users are also encouraged to be cautious regarding unsolicited content, including media files sent from unknown contacts, and to avoid clicking links or downloading attachments they cannot verify. 

Security experts additionally recommend using reputable mobile security tools alongside Google Play Protect to strengthen device defenses. Many modern Android antivirus apps offer supplementary safeguards such as phishing alerts, VPN access, and warnings about malicious websites. 

Zero-day attacks remain an unavoidable challenge in the smartphone landscape, as cybercriminals continually look for undiscovered flaws to exploit. But with proactive device updates and careful online behavior, users can significantly reduce their exposure to threats like Landfall and help ensure their personal data remains secure.
Read more »
Nation-State Attack
Chinese Firm Data Breach Data Leak Knownsec Nation-State Attack

Knownsec Breach Exposes Chinese State Cyber Weapons and Global Target List

 

A major data breach at the Chinese security firm Knownsec has exposed more than 12,000 classified documents, providing unprecedented insight into the deep connections between private companies and state-sponsored cyber operations in China. The leaked files reportedly detail a wide array of cyber capabilities, including the use of Remote Access Trojans (RATs) that are capable of infiltrating systems across Windows, Linux, macOS, iOS, and Android platforms.

This breach not only highlights technical vulnerabilities but also reveals how companies like Knownsec can be embedded in national level cyber programs, sometimes carrying out operations on behalf of government agencies. Among the most notable data included in the leak were records stolen from international sources: 95GB of immigration data from India's national databases, 3TB of call logs from South Korea’s LG U Plus, and 459GB of transportation data from Taiwan.

Experts investigating these materials discovered spreadsheets listing 80 foreign targets, including major critical infrastructure and telecommunications enterprises across more than twenty countries and regions, with Japan, Vietnam, India, Indonesia, Nigeria, and the UK among them. The files also described specialized malware for Android—capable of extracting information from popular Chinese messaging apps and Telegram—and referenced the use of hardware-based hacking devices, such as a malicious power bank designed to covertly upload data to victim systems.

Despite efforts to remove the leaked materials from platforms such as GitHub, the contents have already spread among researchers and intelligence circles, offering an unusual glimpse into China’s cyber ecosystem and the scale of its operations. The exposure demonstrates the breadth, organization, and sophistication of these campaigns, suggesting far more coordination between security firms and state entities than previously understood.

In response, Beijing has officially denied any knowledge of a Knownsec breach, reiterating its opposition to cyberattacks but stopping short of disavowing links between the state and private cyber intelligence actors. The researchers emphasize that standard antivirus and firewall protections alone are insufficient against such advanced threats and highlights the need for a multi-layered cyber defense strategy incorporating real-time monitoring, rigorous network segmentation, and AI-driven threat detection to adequately protect organizations from these sophisticated forms of infiltration.
Read more »
Threat actors
AiCloud Exploits ASUS Routers Cyber Attacks Cybersecurity Espionage Campaign Firmware Updates Global Botnet Network Security Router Vulnerabilities Threat actors

Mass Router Hijack Targets End-of-Life ASUS Devices


 

The research team has found an extensive cyber-espionage campaign known as Operation WrtHug, which has quietly infiltrated tens of thousands of ASUS routers across the globe, which is a sign that everyday network infrastructure is becoming increasingly vulnerable. 

A seemingly routine home or small-office device that appears to be ordinary has been covertly repurposed to make up a sophisticated reconnaissance and relay network that has enabled threat actors to operate both anonymously and with great reach. There is a clear pattern in which consumer-grade routers are being strategically used for intelligence gathering, according to SecurityScorecard analysts, a trend that has been on the rise for several months now. 

Security specialists warn of the risk of such compromises becoming an ongoing trend in which outdated or poorly secured home routers are rapidly becoming valuable assets for hostile operators seeking persistence, cover, and distributed access to targeted environments that is no longer isolated incidents. In the last six months, investigators have determined that the operation’s reach has been much wider than they initially thought. 

As a result, over the past few months, nearly 50,000 unique IP addresses have responded to probing for compromised ASUS WRT routers. A chain of six unpatched vulnerabilities allowed the attackers to hijack these end of life or outdated devices and use them to develop a coordinated, globally distributed infrastructure by combining them with a series of unpatched vulnerabilities. 

Taiwan was attributed to the majority of routers infected, and significant clusters of routers were detected across Southeast Asia, Russia, Central Europe, and the United States. As a detail, the researchers noted that there were no infections within China, a detail that implies that the infection originates in China, but the available evidence is still insufficient for conclusive evidence to indicate a Chinese operator may be responsible. 

Moreover, the SecurityScorecard STRIKE team noticed that there were overlaps between the tactics and targeting patterns of Operation WrtHug, as well as the earlier AyySSHush campaign that was detected earlier by GreyNoise in May, suggesting that the campaign may be related to a much broader and well-organized effort to weaponize aging consumer networking products. 

A further analysis reveals that the intrusions seem to be connected to a coordinated effort to exploit a series of well-known vulnerabilities present in end-of-life ASUS WRT routers. This gives attackers the ability to perform full control over devices that remain unpatched, even after the end of the device's useful lifespan.

According to the investigators, each of the compromised routers has the same distinctive self-signed TLS certificate, which is supposed to expire a century after April 2022, suggesting the operation was carried out by the same set of toolset or deployment strategy. A report from SecurityScorecard states that nearly all of the services using this certificate are linked to ASUS's AiCloud platform. 

AiCloud is a proprietary feature that enables users to access their local storage over the internet and has become a convenient entry point for attackers who are leveraging n-day flaws to gain high-level access to hardware which is not supported. Researchers have noted parallels between this campaign and several China-linked ORBs and botnet ecosystems, despite its adherence to the classic profile of an Operational Relay Box network. 

According to the researchers, the attackers are relying on a cluster of vulnerabilities that include CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2023-39780, CVE-2024-12912, and CVE-2025-2492. The AyySSHush botnet is one of the routers that have been exploited in the past. 

A number of the infected IP addresses have been tagged with signs consistent with compromises made by both WrtHug and AyySSHush, which suggests that the two operations may be overlapping. However, researchers caution that any link between the two operations remains speculative and is solely based upon the exploitation of common vulnerabilities, rather than a confirmed coordination effort. According to security experts, the majority of infections that have been identified originate from Taiwan, with minor concentrations spreading throughout Southeast Asia, Russia, Central Europe, and the United States of America. 

A lot of the targeted ASUS models appear to be among the most vulnerable to the campaign-including the 4G-AC55U, 4G-AC860U, DSL-AC68U, GT-AC5300, GT-AX11000, RT-AC1200HP, RT-AC1300GPLUS, and RT-AC1300UHP-many of them no longer receiving updates and can no longer be supported. 

In the opinion of the STRIKE researchers, attackers are initiating their takeover by exploiting a high-impact command injection flaw along with several other known vulnerabilities to take control of the routers by converting them into operational relay boxes designed to conceal commands-and-control activities, so they can be integrated into these networks as a whole. 

It is important to note, however, that the researchers do not confirm the network's full operational role. Instead, they emphasize that the underlying vulnerabilities make these devices exceptionally valuable to hackers. It has been recommended that users immediately update their routers to address all six exploited flaws. 

Users of nonsupported routers, they warn, should either disable the remote access functions or retire them. Researchers noted that the attackers were not using undisclosed zero-day exploits, but rather a series of well-documented n-day vulnerabilities that are still unpatched on older ASUS WRT routers, providing a path to large-scale compromise that was possible without patching. 

Through this weakness, multiple forms of intrusion were possible, including OS command injection, which tricks a device into executing unauthorized system-level instructions, as well as remote code execution, which allows for complete authentication bypass as well. Using ASUS's AiCloud remote access service as a point of entry, SecurityScorecard's STRIKE team found that the threat actors were constantly exploiting ASUS's exposure to the internet, allowing them to gain a foothold on vulnerable devices. 

Once the routers were intruded into an extremely vast, global mesh network of hijacked systems once access had been secured. Research has identified over 50,000 unique IP addresses associated with compromised devices in the past six months alone. Based on analysis, analysts believe that the campaign's behavior resembles that of a covert network known as a Operational Relay Box, which involves repurposing everyday consumer devices as relays for espionage traffic, concealing the true source of espionage activity, and maintaining long-term persistence as a covert infrastructure model. 

As far as ORB-style operations are concerned, China-aligned threat groups are frequently associated with them, and this observation is reinforced by the geographical footprint of the infected devices. Security Scorecard found that about 30% to 50% of the compromised routers were based in Taiwan. Moreover, other concentrations have been observed in the United States, Russia, Southeast Asia and parts of Europe as well. 

There was also another distinctive technical signature that was shared by all of the infected routers, namely, a self-signed TLS certificate that had an unusually long valid period of 100 years, a sign that could be used by researchers to trace the campaign's infrastructure throughout multiple geographical locations. 

Together, these characteristics align closely with the pattern of cyber-espionage activities linked to China—including its choice of targets, methods of exploitation, design of operations, and geographic distribution. An important finding of the investigation is the geographical imbalance in which infected devices were detected, which scientists say is difficult to dismiss as coincidental by the researchers. 

According to analysts, one-third to one-half of all compromised routers identified in Operation WrtHug were traced back to IP addresses located in Taiwan - an overrepresentation that analysts argue is consistent with the long-standing intelligence priorities assigned to China-linked cyber operators, which is why this is an overrepresentation. 

A further striking feature of this study is that there have been no infections within mainland China, apart from a handful detected in Hong Kong, thereby highlighting the possibility of a deliberate targeting effort by the attackers. The attackers also seemed to be very interested in Southeast Asia, where the number of infected devices is substantially higher than the global average. 

In addition, researchers have noted striking tradecraft overlap between WrtHug and AyySSHush, another campaign outlined by GreyNoise earlier that aimed to use ASUS routers to conscript into a persistent botnet. The CVE-2023-39780 command injection vulnerability is used by both of these operations, raising the possibility that they could represent different phases of the same evolving campaign, separate efforts by the same threat actor, or parallel operations that are loosely coordinated.

It is still believed by analysts that WrtHug continues to be an independent campaign despite the fact that it carries the characteristics of a well-resourced adversary even though there is no conclusive evidence to prove it. It remains a fertile ground for such intrusions, despite the absence of conclusive evidence. Small office and home office routers are often installed only to be forgotten, especially as manufacturers discontinue support for them. 

It has become increasingly common for end-of-life devices to be updated automatically, but they still function as usual, and there seems to be little reason for users to replace them despite the mounting security risks. Despite the persistent gap, authorities have been increasingly concerned. The FBI released a public advisory in May calling for users of SOHO routers to disable remote management features as a minimum requirement in order to reduce the chances of compromise by retiring unsupported models. 

During the ongoing unfolding of Operation WrtHug, users' vigilance is becoming increasingly important as the security of global networks continues to become more dependent upon enterprise defenses, as well as the efforts of everyday users. As the findings indicate, households and small businesses need to abandon outdated hardware, implement timely patching, and limit their exposure to remote access services, which silently increase the attack surface of their networks. 

The experts stress that proactive maintenance - once considered optional - has now become a vital component of preventing consumer devices from being used as a tool in geopolitical cyber operations. With the rise of international espionage fueling neglected routers today, even basic security hygiene has become a matter of national importance.
Read more »
Windows update scam
browser fullscreen scam ClickFix Cybersecurity Warning fake Windows update attack malware Windows update scam

Hackers Use Fake Windows Update Screen to Trick Users Into Running Malware Commands

 

A new cyberattack is circulating online, disguising itself as a legitimate Windows update in an effort to deceive users into executing harmful commands that can lead to malware installation.

Daniel B., a cybersecurity researcher with the UK’s National Health Service, discovered the scheme while examining malicious activity online. According to his findings, the operation has been active for about a month on the domain groupewadesecurity[.]com. When users visit the site, their computer—or even their smartphone—may suddenly display what looks like a genuine Windows update blue screen. This screen urges them to complete several keyboard steps.

In reality, the update screen is entirely fraudulent. It’s delivered through the browser and relies on the Fullscreen API to cover the entire display, creating the illusion of a system-level update. The interface then instructs users to press the Windows key along with the R key, which opens the Run dialog box on Windows systems. Meanwhile, the website silently places malicious commands onto the user’s clipboard.

The next prompt tells the user to hit “CTRL + V” to paste—and then press Enter. Anyone who follows these steps unknowingly triggers a command instructing Windows to execute code hosted on the attacker-controlled domain.

This attack is a fresh spin on the ongoing “ClickFix” technique, which has been used for roughly a year to manipulate users into running commands that install malware. Previous ClickFix campaigns have appeared as fake CAPTCHA pages, counterfeit Chrome error messages, and bogus government portals. The method continues to evolve in pursuit of new ways to lure victims. As Daniel B. noted, “The more recent ClickFix campaigns like these fake Windows update pages are a powerful reminder that user vigilance and cybersecurity awareness training are just as critical as technical defenses.”

Thankfully, the attack is relatively simple to detect and avoid. No legitimate website or service will ever ask users to perform such system-level commands. Since the fake screen is just a browser tab in full-screen mode, closing the tab or window immediately stops the attack. Chrome also helps by prompting users to press “ESC” whenever the browser enters full-screen mode unexpectedly.

Despite this, cybersecurity firms say ClickFix-related campaigns are rising sharply. Because the user is the one unknowingly triggering the malicious code, traditional antivirus tools often fail to catch the threat. As ESET warned in June, "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from nation-state-aligned threat actors."
Read more »
Subscribe to: Comments (Atom)

Featured