clipboard hijacking

A homepage visit now runs PowerShell on your machine

Gizmodo's homepage served a ClickFix attack routing a pasted URL into PowerShell. The failed boundary is the shell and the user's identity, not the browser.