كاسبر سكاي retweeted
A critical SQL injection vulnerability in Ghost CMS was exploited to compromise 700 sites, including Harvard and Oxford, with ClickFix attacks. ID: CVE-2026-26980 Severity: 9.4 (CVSS) - Critical Versions: Ghost 3.24.0 - 6.19.0 Fix: Upgrade to Ghost 6.19.1 #CVE #Ghost #CyberSecurity
Alex retweeted
Replying to @Garnet3106
That's a ClickFix attack. It lures unsuspecting users into running malicious code directly as a command, so it gets past security easily. digitalsales.alsok.co.jp/col…

PlOszukiwacz retweeted
> "hey bro i found malware" > sends link > "its clickfix" > look inside > nothing > ??? > realize uBlock origin blocked it is this slop clickfix?
🔒 CYBERSECURITY, PRIVACY & OPEN SOURCE ROUNDUP — June 13, 2026

1️⃣ OPEN-SOURCE TOOL PRESERVES HUMAN RIGHTS EVIDENCE
The Tor Project highlights OpenArchive's free open-source Save app and DWeb Storage, tools designed to help communities securely archive, verify, and encrypt mobile media documenting human rights violations. These tools empower whistleblowers and journalists to preserve evidence without putting themselves or the records at risk, combining on-device encryption with decentralized storage to ensure data sovereignty. @torproject

2️⃣ MACOS MALWARE CAMPAIGN EXPLOITS FAKE HOMEBREW ADS
The Atomic macOS Stealer (AMOS) campaign is using fake Homebrew package manager advertisements to deploy persistent malware on macOS systems. Malware Traffic Analysis published the complete infection chain with network captures and extracted samples. Attackers disguise malicious payloads as legitimate Homebrew packages, tricking developers into installing stealers that persist across system restarts and exfiltrate credentials, tokens, and sensitive files. @DFIR_Radar

3️⃣ SERVICENOW BREACH EXPOSES CUSTOMER DATA VIA UNAUTHENTICATED API
A ServiceNow breach exploited an unauthenticated API endpoint that exposed customer instance data, including support tickets and employee records. The vulnerability allowed unrestricted access to `/api/now/related_list_edit/create`, enabling attackers to extract sensitive organizational information. Security teams are advised to review logs for requests originating from the identified attacker IP range and restrict API endpoint access. @DFIR_Radar

4️⃣ CLICKFIX PHISHING CAMPAIGN DELIVERS CUSTOM RAT
A new Amazon-themed ClickFix campaign is delivering HarborWatch Agent, a custom monitoring Remote Access Trojan. The multi-stage attack begins with a phishing email that leads to a fake CAPTCHA verification page, which then tricks victims into downloading the malware. The social engineering component turns victims into their own infection vector by convincing them they need to verify their security status. @DFIR_Radar

5️⃣ SPLUNK ENTERPRISE ZERO-DAY RCE WITH CVSS 9.8
Splunk Enterprise has a critical pre-authentication remote code execution vulnerability (CVE-2026-20253, CVSS 9.8) exploitable via a PostgreSQL sidecar bypass. AWS deployments are affected by default, and the flaw allows unauthenticated attackers to write arbitrary files, leading to full code execution with Splunk-level privileges. The vulnerable endpoint bypasses application-level authentication entirely, highlighting the risks of exposing database services. @DFIR_Radar

6️⃣ CONTI RANSOMWARE OPERATIVE PLEADS GUILTY IN US COURT
Ukrainian national Oleksii Lytvynenko has pleaded guilty in the United States to wire fraud conspiracy linked to the Conti ransomware group. The operation attacked more than 1,000 victims and generated at least $150 million in ransom payments. The conviction is part of ongoing international efforts to dismantle ransomware infrastructure and hold individual operators accountable for cybercrimes. @HackRead

7️⃣ ORACLE PEOPLESOFT ZERO-DAY ACTIVELY EXPLOITED
A critical Oracle PeopleSoft vulnerability has been actively exploited as a zero-day attack targeting organizational data. Google confirmed exploitation activity, and reports link the attacks to a threat actor group known as Shiny Hunters. Oracle has issued mitigation guidance, but the widespread deployment of PeopleSoft in enterprise environments means organizations face significant risk until patches are applied. @SecWeekly

💭 The threat landscape continues to evolve with sophisticated supply-chain attacks targeting developers and critical enterprise software under constant pressure. From macOS malware disguised as package manager updates to zero-days in monitoring platforms like Splunk, the message is clear: every component in your stack is a potential entry point. Meanwhile, open-source tools like OpenArchive remind us that transparency and community-driven security remain essential defenses against both cyber threats and authoritarian surveillance.

Which of these vulnerabilities keeps you up at night — or which one are you patching first? 👇

#Cybersecurity #OpenSource #Privacy #CVE #Ransomware #InfoSec #ZeroDay
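x.com/Garnet3106/status/2065… Some people are saying things like "AdGuard is the strongest lol," but this type of ClickFix attack has "gotten through" "AdGuard" "in the past," so I don't trust reCAPTCHA verification itself in the first place lol. Hey Square Enix, you're just as guilty, changing the images for your reCAPTCHA prompts over and over at high frequency lol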

Clickfix… be careful
Take heed
Replying to @Inspirenaire
Clickfix. We’ve seen a few real world cases at work where users have gone through the whole process and entered credentials. Did a phishing simulation with it and “caught” 13 people and full creds.
Replying to @yamama1204
It makes you open a terminal and type in a command. It's the thing called ClickFix.
#threatreport #HighCompleteness
SilabRAT, What’s Your Power? | 10-06-2026
Source: group-ib.com/blog/silabrat-h…
Key details below ↓
🧑‍💻Actors/Campaigns: O1oo1 (🧠motivation: financially_motivated, cyber_criminal)
💀Threats: Silabrat, Snappyclient, Hijackloader, Hvnc_tool, Asmcrypt, Clickfix_technique, Uac_bypass_technique, Icmluautil_tool, Lockbit, Blackmatter, Credential_harvesting_technique
🎯Victims: Finance, Cryptocurrency
🌐Geo: Russian
📚TTPs: ⚔️Tactics: 3 🛠️Techniques: 32
🧨IOCs: - File: 1 - Hash: 4 - IP: 1
💽Software: Chrome, Chromium, MinHook, TightVNC, Electron
📲Wallets: ledger_wallet, trezor
🔢Algorithms: chacha20-poly1305, lzma, base58
🗂️Win API: NtOpenFile, ZwQueryFullAttributesFile, AmsiScanBuffer, AmsiScanString
⚙️Win Services: GoogleChromeElevationService
💻Platforms: x86, x64

#threatreport: SilabRAT, also referred to as SnappyClient, is an advanced Remote Access Trojan (RAT) primarily focused on financial gain through credential theft. Developed by the threat actor known as o1oo1, it has been sold on Darkweb forums as a Malware-as-a-Service (MaaS) since late 2025. SilabRAT is notable for its use of Hidden Virtual Network Computing (HVNC), which allows it to maintain remote control capabilities while avoiding detection by users and security systems. Its deployment methods include email spam and ClickFix campaigns, where social engineering is leveraged to compromise victims.

SilabRAT's capabilities are extensive. It can perform session hijacking, browser profile cloning, and even bypass Chrome’s App-Bound Encryption (ABE) using a DLL to exploit system processes. This enables the malware to extract browser saved passwords and cookies without detection. Additionally, it has features tailored for cryptocurrency operations, such as identifying wallet addresses and attempting to crack passwords associated with cryptocurrency wallets. The malware's architecture supports real-time control and monitoring of infected machines, allowing operators to remotely execute commands, capture keystrokes, and manage data theft activities.

The RAT is built on an operator-hosted model where buyers set up and run their own Command-and-Control (C2) servers without sharing infrastructure with others. This setup provides attackers a higher level of operational security and control over their campaigns. The subscription for SilabRAT has been priced at approximately $5,000 per month, and it can be bundled with AsmCrypt, an obfuscation tool developed by o1oo1, facilitating the malware's stealth capabilities.

As for its installation and persistence techniques, SilabRAT can utilize Windows Registry Run keys and Scheduled Tasks to ensure it executes upon user logon or at specified intervals, ensuring its longevity on infected machines. The malware also incorporates simple defense evasion techniques, including interference with Anti-Malware Scan Interface (AMSI) functions. Given the evolving nature of malware, additional features and enhancements are likely, with future plans for customizable code injection targeting Electron-based applications on platforms associated with cryptocurrency.
It's ClickFix, lol
I was just browsing the web as usual and ran into a ridiculously suspicious fake CAPTCHA, this is crazy lol
So it's a technique called "ClickFix"…
ブラックバレット@SHIP3 retweeted
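Yes, this is ClickFix. The clipboard contents have turned into something interesting.
I was just browsing the web as usual and ran into a ridiculously suspicious fake CAPTCHA, this is crazy lol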
I highly recommend NextDNS. They use an AI called "threat Intelligence" that will HELP stop the captchas or the payload from downloading in the first place due to domain blocking. This threat is called ClickFix.
Take heed