ALL POSTS
Microsoft Warns of Evolving ClickFix Malware Leveraging DNS Lookups
Key Findings: Microsoft warns of a new ClickFix variant that tricks users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. Attackers use cmd.exe to perform a DNS lookup against a hard-coded external server, and the `Name:` response is extracted and executed as the second-stage payload. This DNS-based approach allows attackers to signal and deliver payloads via their own infrastructure, reducing reliance on web
3 days ago · 2 min read
Microsoft Warns of DNS-Based ClickFix Attacks Targeting Windows Users
Key Findings: Microsoft has disclosed details of a new version of the ClickFix social engineering tactic that uses DNS lookups to retrieve malware payloads. The attack tricks users into running commands through the Windows Run dialog that perform a DNS lookup to an external server controlled by the attackers. The DNS response is then executed as the second-stage payload, allowing the threat actors to reach infrastructure under their control and establish a new validation layer
4 days ago · 2 min read
North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations
Key Findings: North Korea-linked threat actor UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data. The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive victims. UNC1069 has a history of conducting social engineering campaigns for financial gain using fake meeting invites and posing as investors from reput
Feb 11 · 2 min read

