We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar ...

ClickFix campaigns spread MacSync macOS infostealer via malicious Terminal commands since Nov 2025, targeting AI tool users and developers.

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Illegally downloading the latest Oscar contender might feel like beating the system. But when the malware kicks in, as Morpheus once said, “Welcome to the real world.” Lurking in the shadows lies a ...

BlackSanta is a malware module that kills EDR and AV at the kernel level prior to unleashing the malware’s final purpose.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

A handful of scripts can eliminate a lot of work.

Russian hackers target HR departments with BlackSanta malware Infection chain uses phishing emails and malicious ISO files BlackSanta disables EDR tools to enable deeper compromise Russian hackers ...

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.

Something else to worry about.

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.