ClickFix
2 posts
Article
A homepage visit now runs PowerShell on your machine
Gizmodo's homepage served a ClickFix attack routing a pasted URL into PowerShell. The failed boundary is the shell and the user's identity, not the browser.
Article
Harvard.edu among 141 hosts serving ClickFix lures
Technical analysis of the campaign that weaponised harvard.edu and 140 other legitimate sites - entry vectors, TDS chain, MITRE mapping, EDR telemetry.