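A: The new tactic in ClickFix attacks has victims launch Windows Terminal directly with the Windows + X → I shortcut, rather than opening the Run dialog with Windows + R as before. This approach can evade defenses that look for anomalous Run commands and bypass the related security awareness training.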
The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration. An ongoing campaign, ...
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.
Something else to worry about.
ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.
A new ClickFix attack variant uses fake CAPTCHA pages instructing victims to paste and execute malicious commands in Windows Terminal.
A modern Task Scheduler for Windows 11 exists now, and honestly Microsoft should be embarrassed. Plus, it's free.
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
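Recently, Neowin reported a highly representative new phishing campaign that reveals how attackers use legitimate software as a vehicle to hijack users' computers. In this case, the attackers did not directly distribute executables containing malicious code; instead, they lured users into downloading and running fully legitimate software tools with valid digital signatures (such as AnyDesk, Tea ...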
Unwitting victims are now being tricked into installing malware via Windows Terminal, but some experts say this is old news.
VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
In ClickFix attacks, victims are supposed to execute commands themselves to infect their systems. One campaign relies on Windows Terminal.