Browser attacks without downloads. [Research Saturday]
CyberWire Daily20 Sep 2025

Browser attacks without downloads. [Research Saturday]

Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen’s deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio’s DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures. The research can be found here: “CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat Learn more about your ad choices. Visit megaphone.fm/adchoices

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(3653)

Spoofing ships, jamming drones: how GPS manipulation confuses and compromises. [T-Minus: Space-Cyber Briefing]

Spoofing ships, jamming drones: how GPS manipulation confuses and compromises. [T-Minus: Space-Cyber Briefing]

GPS constellations have become foundational in modern society supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning. As reliance o...

7 Juni 26min

You've been muted...permanently. [Research Saturday]

You've been muted...permanently. [Research Saturday]

Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web...

6 Juni 21min

The NSA gets an AI upgrade.

The NSA gets an AI upgrade.

Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Mias...

5 Juni 31min

Not every headhunter is hiring.

Not every headhunter is hiring.

The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump’s AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based...

4 Juni 30min

The AI race gets a referee.

The AI race gets a referee.

AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months...

3 Juni 31min

The bugs are piling up faster than the fixes.

The bugs are piling up faster than the fixes.

A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Stea...

2 Juni 30min

AI joins the chain of command.

AI joins the chain of command.

Battlefield AI sparks debate. Election cyber threats rise. A critical Windows flaw is under active attack. CISA weighs new reporting rules. Russian targets face a stealthy hacking campaign. A 19-year-...

1 Juni 29min

CyberWire Daily at 10: The evolution of ransomware. [Special Edition]

CyberWire Daily at 10: The evolution of ransomware. [Special Edition]

In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner consider the tactics, trends, and turning points that shaped the threat landscape ...

31 Maj 22min

Populärt inom Politik & nyheter

svenska-fall
motiv
aftonbladet-krim
p3-krim
spar
aftonbladet-daily
flashback-forever
rss-sanning-konsekvens
rss-expressen-dok
rss-krimreportrarna
rss-vad-fan-hande
svd-ledarredaktionen
rss-frandfors-horna
rss-flodet
rss-aftonbladet-krim
politiken
dagens-eko
spotlight
olyckan-inifran
rss-krimstad