Veteran tech website Gizmodo confirmed a compromise on Saturday after readers reported ClickFix malware prompts appearing on article pages.
Users posted screenshots of fake CAPTCHA windows appearing on Gizmodo’s site. The attack aims to fool users into running malicious code via their terminals.
According to Proofpoint threat researcher Tommy M, the attack was seemingly launched by an affiliate of ErrTraffic, a ClickFix-as-a-service program that allows attackers to deliver whichever malware they choose.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Three Supermicro employees charged with conspiracy to smuggle restricted Nvidia chips to China
March 20, 2026
A federal investigation has been launched after the US Department of Justice charged three individuals for allegedly smuggling restricted Nvidia AI chips to China. The three men were not named in court documents, however a statement released by Super Micro Computer Inc. identified those involved. The smuggling allegedly occurred between 2024 and 2025, with billions of ...
- CVE-2026-31381, CVE-2026-31382: Gainsight Assist Information Disclosure and Cross-Site Scripting (FIXED)
March 20, 2026
Rapid7 Labs recently identified a chain of security vulnerabilities in the Gainsight Assist plugin and its interactions with the associated domain app.gainsight.com. These vulnerabilities include an Information Disclosure flaw (CVE-2026-31381) and a Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-31382). By chaining these vulnerabilities, an attacker can move from passive information gathering to active client-side exploitation. The XSS ...
- Russian Intelligence Services Target Commercial Messaging Application Accounts
March 20, 2026
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are jointly issuing this public service announcement (PSA) to warn the public about ongoing phishing campaigns by cyber actors associated with the Russian Intelligence Services (RIS) targeting commercial messaging applications (CMAs). RIS actors have compromised individual CMA accounts, but not CMAs’ encryption ...
- Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets
March 20, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate information on malicious cyber activity conducted by actors on behalf of the Government of Iran Ministry of Intelligence and Security (MOIS). Specifically, MOIS cyber actors are responsible for using Telegram as a command-and-control (C2) infrastructure to push malware targeting Iranian dissidents, journalists opposed to ...
- French naval officer’s jogging app logs Inadvertently expose France’s aircraft carrier location
March 20, 2026
The relentless pursuit of a personal best is a common motivator for athletes, but for one French naval officer, a routine morning run has now been linked to a national security scare. While the French military typically prides itself on stealth and strategic positioning, the precise coordinates of its flagship were recently broadcast worldwide via a ...
- Cambodia: 9 foreigners nabbed in Phnom Penh cyber-scam raid
March 20, 2026
Eight Chinese nationals and one Malaysian were detained during a raid on a gated community in the capital on Wednesday. A joint force from the Phnom Penh Administrative Unified Command raided a property in the Borey Peng Huot development, located in the Niroth area of Chbar Ampov district. During the operation, officers seized 247 mobile phones ...