Pen Test Partners

ClickFix, CrashFix and the growing family of copy and paste attacks

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...
Dark Reading

Cutting-Edge ClickFix Tactics Snowball, Pushing Phishing Forward

ClickFix campaigns are gaining steam according to various security researchers, with recent campaigns spotted across the globe from a wide swath of cyberattackers. The increasingly popular tactic ...

Kash Patel's 'BasedApparel' website is apparently hosting ClickFix malware

The malware targets macOS users only and serves commodity infostealers.
TechRadar

State-sponsored actors spotted using ClickFix hacking tool developed by criminals

Proofpoint says multiple state-sponsored groups seen using ClickFix attack technique Russians, North Koreans, and Iranians all involved State-sponsored actors are mostly engaged in cyber-espionage The ...
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
Forbes

Do Not Download These Windows Security Updates, Experts Warn

ClickFix attack employs fake Windows security udpates. Updated November 27 with another Windows update warning, along with threat intelligence from the Acronis Threat Research Unit regarding the use ...
CSOonline

ClickFix finds a backup plan in PySoxy proxy chains

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and persistence on compromised systems. ClickFix, a one-shot social engineering ...
Yahoo Finance

ESET Threat Report: ClickFix fake error surges, spreads ransomware and other malware

“The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even custom malware from ...