Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
Infosecurity Magazine

Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence

Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers ...
Hosted on MSN

Fresh ClickFix attacks use Windows Update trick-pics to steal credentials

A fresh wave of ClickFix attacks is using fake Windows update screens to trick victims into downloading infostealer malware.… ClickFix is a type of social engineering technique that tricks users into ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
Infosecurity Magazine

Attackers Abuse Shared Content for ChatGPT Phishing Campaign

Victims are initially lured to the fake pages by malicious Google ads and SEO poisoning. Clicking through takes them to a ...

Kash Patel's 'BasedApparel' website is apparently hosting ClickFix malware

The malware targets macOS users only and serves commodity infostealers.
Dark Reading

'JackFix' Attack Circumvents ClickFix Mitigations

A new spin on the ClickFix attack is making the rounds, and it's designed to circumvent some of the strategies organizations have for mitigating them. ClickFix and its slightly more elegant offshoot, ...
Fox News

Fake Windows update pushes malware in new ClickFix attack

Cybercriminals keep getting better at blending into the software you use every day. Over the past few years, we've seen phishing pages that copy banking portals, fake browser alerts that claim your ...
AOL

CAPTCHA test scam hijacks victim’s data in the most ‘diabolical’ way — here’s how to spot a ‘ClickFix’ attack

A Toronto college student named Alexandra nearly fell prey to an insidious new scheme masquerading as the CAPTCHA test. It’s a digital wolf in sheep’s clothing. A Toronto college student has issued a ...