The malware targets macOS users only and serves commodity infostealers.

A critical-level flaw in a popular CMS, patched months ago, is now being abused.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

A Kash Patel-linked merchandise website went offline after a suspected hack allegedly tricked visitors into downloading ...

ClickFix scams trick users into infecting their own devices by following fake security and browser troubleshooting instructions.

Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers ...

Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.

ClickFix campaigns are gaining steam according to various security researchers, with recent campaigns spotted across the globe from a wide swath of cyberattackers. The increasingly popular tactic ...

A new macOS social engineering campaign highlights why waiting three months to enforce software updates is a massive security ...

Security experts reveal how easy it is to get fooled by this scam and what to do if you think you've been targeted.