Tag: captcha

Crooks compromise WordPress sites to push infostealers via fake CAPTCHA prompts

Mar 10, 2026 6:46 PM

Tags: captcha, wordpress

Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/crooks_hijack_wordpress_sites/
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts

Mar 5, 2026 11:47 AM

Tags: captcha, crypto, cyber, exploit, linkedin, malicious, malware, social-engineering

A highly coordinated malware campaign that targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake CAPTCHA flow that tricks users into running malicious commands on their own systems. Attackers pose as executives from fictitious funds such as SolidBit…
ClickFix Campaign Exploits Fake LinkedIn VCs to Spread Malware Among Crypto and Web3 Experts

Mar 5, 2026 11:47 AM

Tags: captcha, crypto, cyber, exploit, linkedin, malicious, malware, social-engineering

A highly coordinated malware campaign that targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake CAPTCHA flow that tricks users into running malicious commands on their own systems. Attackers pose as executives from fictitious funds such as SolidBit…
Microsoft leads takedown of Tycoon2FA phishing service infrastructure

Mar 5, 2026 5:47 AM

Tags: access, authentication, captcha, control, credentials, cybercrime, data, defense, detection, dkim, email, Hardware, infrastructure, malicious, mfa, microsoft, monitoring, network, organized, passkey, phishing, qr, saas, service, threat, tool

Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
Microsoft leads takedown of Tycoon2FA phishing service infrastructure

Mar 5, 2026 5:47 AM

Tags: access, authentication, captcha, control, credentials, cybercrime, data, defense, detection, dkim, email, Hardware, infrastructure, malicious, mfa, microsoft, monitoring, network, organized, passkey, phishing, qr, saas, service, threat, tool

Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
OCRFix Botnet Uses ClickFix Phishing and EtherHiding to Mask Blockchain C2 Infrastructure

Mar 2, 2026 9:46 AM

Tags: blockchain, botnet, captcha, cyber, infrastructure, phishing, powershell

OCRFix is a multi-stage botnet Trojan campaign that abuses a fake Tesseract OCR download site, ClickFix-style PowerShell execution, and EtherHiding on BNB Smart Chain to conceal a rotating blockchain-backed command infrastructure. The fake site gates content behind a bogus CAPTCHA and then instructs users to open PowerShell and paste a pre-copied command, a hallmark of…
(g+) Scrapling und Openclaw: Wenn der KI-Agent bewaffnet wird

Feb 28, 2026 11:37 AM

Tags: ai, captcha

Mit Scrapling lassen sich Cloudflare-Captchas vollautomatisch lösen. Für Entwickler ist es praktisch, aber es wird in den falschen Händen schnell zur Gefahr. First seen on golem.de Jump to article: www.golem.de/news/scrapling-und-openclaw-wenn-der-ki-agent-bewaffnet-wird-2602-205878.html
Scrapling und Openclaw: Wenn der KI-Agent bewaffnet wird

Feb 27, 2026 10:36 AM

Tags: ai, captcha

Mit Scrapling lassen sich Cloudflare-Captchas vollautomatisch lösen. Für Entwickler ist es praktisch, aber es wird in den falschen Händen schnell zur Gefahr. First seen on golem.de Jump to article: www.golem.de/news/scrapling-und-openclaw-wenn-der-ki-agent-bewaffnet-wird-2602-205878.html
Smashing Security podcast #456: How to lose friends and DDoS people

Feb 26, 2026 5:37 AM

Tags: ai, attack, captcha, ddos, email, Internet, service

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email – they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear…
ClickFix Infostealer Spreads via Fake CAPTCHA Traps, Targeting Unsuspecting Users

Feb 24, 2026 8:01 AM

Tags: captcha, credentials, cyber, detection, endpoint, threat

A new wave of the ClickFix Infostealer campaign that abuses fake CAPTCHA pages to deliver credential-stealing malware. Initially detected through late-stage Endpoint Detection and Response (EDR) alerts, the campaign shows strong similarities to the ClickFix operation targeting restaurant reservation systems in July 2025, as highlighted in BlueVoyant’s earlier research. Further correlation with recent threat telemetry suggests that this campaign…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
New ClickFix Attack Targets Crypto Wallets and 25+ Browsers with Infostealer

Feb 21, 2026 8:02 PM

Tags: attack, captcha, crypto, malicious, powershell

Researchers at CyberProof have identified a new fake captcha campaign linked to the ClickFix operation. This stealthy infostealer targets over 25 browsers, cryptocurrency wallets like MetaMask, and gaming accounts by tricking users into executing malicious PowerShell commands. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-crypto-wallets-browsers-infostealer/
Using threat modeling and prompt injection to audit Comet

Feb 20, 2026 7:01 PM

Tags: access, ai, attack, captcha, control, data, defense, detection, email, endpoint, exploit, framework, injection, Internet, law, least-privilege, LLM, malicious, ml, monitoring, privacy, RedTeam, risk, social-engineering, threat, tool, training, update, vulnerability

Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s AI assistant. The vulnerabilities we found reflect how AI agents behave…
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations

Feb 18, 2026 12:58 PM

Tags: attack, captcha, cyber, infection, malware, social-engineering, threat

Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise”‘wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side”‘loading, and dual malware families (Latrodectus and Supper) to gain persistence, perform reconnaissance, and prepare the environment for potential follow”‘on…
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations

Feb 18, 2026 12:58 PM

Tags: attack, captcha, cyber, infection, malware, social-engineering, threat

Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise”‘wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side”‘loading, and dual malware families (Latrodectus and Supper) to gain persistence, perform reconnaissance, and prepare the environment for potential follow”‘on…
Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

Feb 16, 2026 8:58 PM

Tags: captcha, crypto, malware, password, powershell, scam, windows

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more. The post Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-captcha-scam-stealc-malware-windows/
ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows

Feb 16, 2026 3:58 PM

Tags: captcha, malware, windows

A ClickFix campaign uses fake CAPTCHA pages to trick Windows users into launching StealC malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/clickfix-campaign-uses-fake-captcha-pages-to-deliver-stealc-malware-on-windows/
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Feb 16, 2026 2:58 PM

Tags: captcha, dns, malicious, malware, microsoft, windows

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages…
New ClickFix Attack Wave Targets Windows Systems to Deploy StealC Stealer

Feb 13, 2026 7:58 AM

Tags: attack, captcha, credentials, crypto, cyber, email, infection, malicious, powershell, windows

A new wave of ClickFix attacks is targeting Windows users with fake Cloudflare-style CAPTCHA verification pages that trick victims into executing malicious PowerShell commands. This campaign delivers a multi-stage, fileless infection chain that ends with StealC, a powerful information stealer capable of harvesting credentials, cryptocurrency wallets, gaming accounts, emails, and detailed system fingerprints. The operation…
LummaStealer activity spikes post-law enforcement disruption

Feb 12, 2026 4:58 PM

Tags: captcha, law, social-engineering, software

Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it.…
Fake CAPTCHA Attacks Exploit Key Entry Point for LummaStealer Malware

Feb 12, 2026 7:58 AM

Tags: attack, captcha, credentials, crypto, cyber, data, exploit, infection, law, malware

Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operators have rebuilt at scale and are again harvesting credentials, crypto wallets, and personal data worldwide. LummaStealer…
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel

Jan 27, 2026 5:23 PM

Tags: captcha, malware

Fake Captcha abuses trusted web interactions to deliver malware and evade traditional detection. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/living-off-the-web-how-fake-captcha-turned-trust-into-a-malware-delivery-channel/
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Jan 27, 2026 4:21 PM

Tags: attack, captcha, control, cybersecurity, microsoft, powershell, service

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera.”Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,” First seen on…
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer

Jan 26, 2026 1:18 PM

Tags: captcha, microsoft, scam, tool

Another day, another fake CAPTCHA scam, but this one abuses Microsoft’s signed tools. First seen on hackread.com Jump to article: hackread.com/fake-captcha-scam-microsoft-tools-amatera-stealer/
Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware

Jan 23, 2026 4:34 PM

Tags: captcha, cyber, exploit, infrastructure, malicious, malware, service

Fake Captcha and >>ClickFix<< lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions…
2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026

Jan 15, 2026 7:51 PM

Tags: access, ai, application-security, attack, authentication, awareness, backdoor, breach, business, captcha, cloud, compliance, container, control, credentials, credit-card, cybersecurity, data, data-breach, ddos, defense, encryption, exploit, finance, firewall, flaw, google, identity, infrastructure, intelligence, leak, malicious, mitigation, monitoring, network, pypi, risk, service, software, strategy, supply-chain, threat, tool, vulnerability, windows

2025 Threat Landscape in Review: Lessons for Businesses Moving Into 2026 andrew.gertz@t“¦ Thu, 01/15/2026 – 16:48 Nadav Avital – Senior Director of Threat Research at Thales More About This Author > 2025 was a year that tested how businesses think about security. Some attacks happened in new, unexpected ways, while others employed old tricks, taken…
Microsoft-Konto gekapert: Hacker entwickeln Cyberangriffe mit Captchas weiter so schützt du dich

Dec 19, 2025 2:19 PM

Tags: captcha, cyberattack, hacker, microsoft

First seen on t3n.de Jump to article: t3n.de/news/microsoft-konto-gekapert-hacker-cyberangriffe-captchas-weiterentwickelt-1722368/
Neue ClickFix-Kampagne nutzt Fake-Windows-Updates

Nov 26, 2025 3:50 PM

Tags: captcha, cyberattack, endpoint, group, malware, monitoring, phishing, powershell, social-engineering, update, windows

Cyberkriminelle nutzen eine gefälschte Windows-Update-Seite, um Mitarbeiter anzugreifen.Forscher des Security-Anbieters Huntress sind kürzlich auf eine neue ClickFix-Kampagne gestoßen, die auf Mitarbeiter in Unternehmen zielt. Laut Forschungsbericht haben die Angreifer ihre Malware dabei in den Pixeln eines Bildes versteckt, das eine Windows-Update-Seite vortäuscht. Dort werden die Benutzer aufgefordert, auf Ausführen zu klicken, um einen bösartigen Befehl…
New ClickFix attacks use fake Windows Update screens to fool employees

Nov 26, 2025 5:49 AM

Tags: access, attack, awareness, captcha, computer, control, data, defense, detection, edr, email, endpoint, exploit, group, infection, intelligence, malicious, malware, monitoring, network, okta, phishing, powershell, russia, tactics, threat, tool, training, update, windows

Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…