cyberattack Archives

Tech Optimizer

March 19, 2026

ClickFix Lures Power LeakNet’s Growing Ransomware Attack Chain

The ransomware group LeakNet has evolved its tactics, increasing its average targets from three per month and shifting from purchasing stolen network access to launching its own campaigns. They now use deceptive error screens and a new tool that executes malicious code in a computer's memory. Their strategy includes ClickFix lures, which compromise legitimate websites to display fake security checks, tricking users into executing malicious commands. This method broadens their victim reach and reduces costs. The Deno loader, part of this strategy, collects machine information and retrieves additional malicious code without leaving standard files, making detection difficult. After infiltrating a network, LeakNet checks for active user credentials and uses PsExec for lateral movement, employing Amazon S3 buckets for payload staging and data exfiltration. Defenders are advised to monitor for suspicious behavior rather than just known malicious files, focusing on unusual web commands and unexpected cloud storage connections.

Tech Optimizer

February 11, 2026

NordVPN Stopped Most Phishing Emails in Third-Party Testing, Study Says

NordVPN's Threat Protection Pro blocked 92% of phishing websites in an independent lab test conducted by AV-Comparatives, which evaluated 15 products against 250 verified phishing URLs. The test took place between January 7 and January 19, using Google Chrome for assessments. NordVPN's product ranked fourth, while the top three performers were Avast Free Antivirus and Norton Antivirus Plus (both at 95%) and Webroot SecureAnywhere Internet Security Plus (93%). The software provides protection against phishing attempts and malware infections, even when not connected to a VPN. Phishing attacks have surged by 4,151% since the introduction of ChatGPT in 2022, with companies facing significant financial losses per breach. AI is being used to enhance phishing tactics, including deepfake videos and voice impersonations. Despite its effectiveness, NordVPN's Threat Protection Pro cannot remove existing malware on devices.

Winsage

February 11, 2026

Global Group ransomware gang running new campaign using Windows shortcut files

The Global Group ransomware operates entirely in silent mode, executing all activities locally on the compromised system without relying on a command and control server. It generates the encryption key directly on the host machine, resulting in no actual data exfiltration despite claims in its ransom note. This approach allows for quicker attacks, targeting a broader range of victims while reducing detection risk. The act of encryption alone can compel payment due to significant operational downtime for affected organizations.

Tech Optimizer

February 10, 2026

Why Should Small Businesses Invest In Antivirus Protection?

53% of UK businesses experience cybercrime attempts at least once a month, and 70% of business owners anticipate a cyber attack in the near future, yet only 35% feel adequately prepared. 43% of cyberattacks are directed at small businesses, with over half potentially closing due to the damage. Antivirus software is a cost-effective solution that can prevent data breaches, reduce the likelihood of ransomware, and protect devices of remote workers.

Tech Optimizer

December 2, 2025

When AI Breaks Bad: The Rise of Ransomware and Deepfakes

Artificial Intelligence (AI) is transforming the cybersecurity landscape by enabling sophisticated cyberattacks, such as ransomware and deepfakes. Ransomware has evolved from manual coding to AI-driven automation, making attacks more efficient and harder to stop. AI automates the targeting of victims by analyzing large datasets to identify vulnerabilities. Machine learning allows malware to change its form to evade detection, and ransomware can operate autonomously within networks. Phishing attacks have become more convincing through AI-generated messages that mimic real communications. Deepfakes can create realistic impersonations, leading to financial fraud and extortion, as demonstrated by a 2024 incident resulting in a million loss. Deepfakes also pose risks for manipulation and disinformation, affecting public perception and market dynamics. On the defensive side, AI is utilized in cybersecurity to detect and prevent attacks through anomaly detection, zero-trust security models, and advanced authentication methods. Human training and awareness are crucial for recognizing AI-generated threats. Effective defense requires regulations, shared accountability, and preparedness within organizations, including continuous monitoring and employee training. Collaboration between public agencies and private security firms is essential for a robust response to cyber threats.

Winsage

November 25, 2025

Do Not Download These Windows Security Updates, Experts Warn

Security experts at Huntress have confirmed that hackers are using ClickFix malware to distribute fake Windows security updates, deceiving users into executing harmful commands. Over the past year, these attacks have increased, with both state-sponsored actors and cybercriminal organizations employing this tactic. Microsoft has indicated that ClickFix is the most frequently used method for gaining initial access, representing 47 percent of attacks noted in Microsoft Defender notifications. A report released on November 24 revealed a new wave of ClickFix attacks utilizing realistic Windows Security Update screens to deploy credential-stealing malware. The campaign employs steganography to conceal malware within PNG images, embedding harmful code directly within the pixel data. Windows users are advised to remain vigilant and recognize that legitimate updates will never request users to cut and paste commands into the Windows run prompt from a web page.

Winsage

November 17, 2025

Windows 10 update failure, autonomous AI cyberattack, Feds fumble Cisco patches

Microsoft has acknowledged an issue with the Windows 10 KB5068781 extended security update, which is failing to apply after installation for users with corporate licenses, resulting in a rollback. A group of hackers believed to be backed by China executed a large-scale cyberattack using Claude Code AI, targeting 30 organizations across various sectors. The Cybersecurity and Infrastructure Security Agency (CISA) reported that U.S. government agencies are struggling to patch critical vulnerabilities in Cisco devices amid the “Arcane Door” hacking campaign. Five individuals pleaded guilty to charges related to helping North Korean IT workers infiltrate 136 companies in the U.S. from September 2019 to November 2022. Port Alliance, a Russian port operator, reported disruptions due to a DDoS cyberattack targeting its operations related to coal and mineral fertilizer exports. DoorDash experienced a data breach on October 25, potentially affecting personal details of customers, Dashers, and merchants across the U.S. and Canada, traced back to a social engineering scam. North Korean hackers are using JSON storage services to host and deliver malware, approaching victims with job offers on platforms like LinkedIn. Jaguar Land Rover reported a financial impact of £196 million (0 million) from a cyberattack in September that forced production halts and compromised data.

Tech Optimizer

November 17, 2025

EVALUSION Campaign Using ClickFix Technique to deploy Amatera Stealer and NetSupport RAT

In November 2025, a sophisticated malware campaign emerged, combining social engineering with advanced data theft tools. The attack begins with a tactic called ClickFix, where users are tricked into executing commands in the Windows Run window, leading to the installation of Amatera Stealer, which extracts sensitive information from browsers, cryptocurrency wallets, and password managers. Following this, attackers deploy NetSupport RAT for remote access to the compromised computer. Amatera Stealer employs advanced evasion techniques, including obfuscated PowerShell code and XOR encryption to mislead security efforts. It was originally marketed as ACR Stealer by a group named SheldIO. The infection process starts with a .NET-based downloader that retrieves payloads encrypted with RC2 from platforms like MediaFire. This downloader is packed with Agile.net, complicating analysis for cybersecurity teams. The malware disables AMSI by overwriting the "AmsiScanBuffer" string in memory, neutralizing Windows' security scanning. Amatera communicates with command servers through encrypted channels, using AES-256-CBC for traffic encryption, making inspection difficult. It aggregates stolen data into zip files and sends them to criminal servers, selectively executing additional payloads targeting high-value assets.

AppWizard

October 23, 2025

Controversial dating safety apps Tea and TeaOnHer booted from Apple App Store

Apple has removed the women's safety app Tea and its male counterpart TeaOnHer from the App Store due to failure to meet content moderation and user privacy standards. The decision follows a cyberattack that exposed sensitive user information and concerns about security vulnerabilities in both apps. Apple cited non-compliance with its App Review Guidelines and Developer Code of Conduct. While both apps are no longer available on Apple's platform, they remain accessible on the Android app store.

Winsage

October 21, 2025

Update Microsoft Windows Server, 10 And 11 Now

Microsoft Windows users are facing a significant security vulnerability affecting nearly 200 Common Vulnerabilities and Exposures (CVEs), which has drawn attention from the Cybersecurity and Infrastructure Security Agency (CISA). CISA has issued a warning about a high-severity Windows SMB privilege escalation vulnerability (CVE-2025-33073) that affects Windows Server, 10, and 11, and is already being exploited. CISA has mandated that specific Federal Civilian Executive Branch agencies update their systems within 14 days and has urged all organizations to prioritize timely remediation. CVE-2025-33073 allows an authorized attacker to gain elevated privileges over a network and was initially identified in the June rollout. CISA emphasizes the need for immediate updates to mitigate exposure to potential cyberattacks.