- What: A new ClickFix variant uses fake CAPTCHAs to execute commands on Windows.
- Impact: Users may have their systems compromised through deceptive prompts.
More covert ClickFix variant targeting Windows detailed
April 28, 2026
By SC Staff

HackRead reports that Windows systems have been subjected to a novel ClickFix attack campaign that leverages fraudulent CAPTCHA pages in the lead-up to illicit command execution.

Threat actors have used a bogus CAPTCHA security check or browser error to trick targets into pasting and executing a certain command through the Windows Run dialog, according to the CyberProof Threat Research Team. The subsequent abuse of the cmdkey and regsvr32 utilities leads to credential staging and DLL retrieval for persistence while maintaining stealth.

With the XML file containing illicit commands stored on their servers, attackers could easily alter instructions without having to deliver another file. Determining the actors' next move has also been complicated by the takedown of their server.

"By relying exclusively on trusted Windows components and avoiding obvious malware drops, the attacker achieves a high degree of stealth while maintaining execution reliability," said researchers, who warned users against copy-pasting code from any website into the Windows Run dialog.