RC RANDOM CHAOS

ClickFix

2 posts

A homepage visit now runs PowerShell on your machine
Article

A homepage visit now runs PowerShell on your machine

Gizmodo's homepage served a ClickFix attack routing a pasted URL into PowerShell. The failed boundary is the shell and the user's identity, not the browser.

Harvard.edu among 141 hosts serving ClickFix lures
Article

Harvard.edu among 141 hosts serving ClickFix lures

Technical analysis of the campaign that weaponised harvard.edu and 140 other legitimate sites - entry vectors, TDS chain, MITRE mapping, EDR telemetry.