![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 112 36" xmlns="http://www.w3.org/2000/svg"><g d="M 57.743 29.066 L 55.41 23.647 L 44.303 23.647 L 41.97 29.066 L 38.734 29.066 L 48.504 7.112 L 51.179 7.112 L 60.948 29.066 L 57.744 29.066 Z M 45.392 21.094 L 54.321 21.094 L 49.872 10.693 L 45.392 21.094 Z M 71.506 16.143 L 69.609 16.33 C 68.115 16.475 67.042 16.932 66.388 17.7 C 65.735 18.468 65.409 19.444 65.409 20.627 L 65.409 29.066 L 62.266 29.066 L 62.266 13.87 L 65.315 13.87 L 65.315 16.517 C 66.124 14.731 67.773 13.745 70.262 13.558 L 71.289 13.496 Z M 85.644 21.997 L 74.911 21.997 C 75.139 25.215 76.736 26.824 79.702 26.824 C 81.444 26.824 83.02 26.253 84.431 25.111 L 85.395 27.322 C 84.69 27.925 83.819 28.402 82.782 28.755 C 81.76 29.105 80.688 29.284 79.608 29.284 C 77.182 29.284 75.268 28.589 73.868 27.198 C 72.468 25.807 71.768 23.886 71.768 21.437 C 71.768 19.879 72.074 18.499 72.686 17.295 C 73.297 16.091 74.159 15.157 75.268 14.492 C 76.378 13.828 77.638 13.496 79.048 13.496 C 81.102 13.496 82.714 14.161 83.886 15.489 C 85.058 16.818 85.644 18.655 85.644 21.001 L 85.644 21.997 Z M 76.233 16.937 C 75.517 17.695 75.087 18.78 74.942 20.191 L 82.938 20.191 C 82.875 18.78 82.518 17.695 81.864 16.937 C 81.211 16.179 80.293 15.8 79.111 15.8 C 77.908 15.8 76.948 16.179 76.233 16.937 Z M 96.827 26.762 L 96.671 29.159 C 96.136 29.244 95.595 29.285 95.053 29.284 C 93.083 29.284 91.616 28.801 90.651 27.836 C 89.687 26.871 89.204 25.475 89.204 23.647 L 89.204 16.298 L 86.249 16.298 L 86.249 13.87 L 89.204 13.87 L 89.204 9.292 L 92.346 9.292 L 92.346 13.87 L 96.516 13.87 L 96.516 16.298 L 92.346 16.298 L 92.346 23.523 C 92.346 25.745 93.373 26.855 95.427 26.855 C 95.904 26.855 96.37 26.824 96.827 26.762 Z M 111.524 21.997 L 100.791 21.997 C 101.019 25.215 102.616 26.824 105.582 26.824 C 107.324 26.824 108.901 26.253 110.311 25.111 L 111.276 27.322 C 110.571 27.925 109.699 28.402 108.663 28.755 C 107.641 29.105 106.569 29.284 105.489 29.284 C 103.062 29.284 101.149 28.589 99.749 27.198 C 98.349 25.807 97.649 23.886 97.649 21.437 C 97.649 19.879 97.955 18.499 98.567 17.295 C 99.178 16.091 100.039 15.157 101.149 14.492 C 102.259 13.828 103.518 13.496 104.929 13.496 C 106.983 13.496 108.595 14.161 109.767 15.489 C 110.939 16.818 111.525 18.655 111.525 21.001 L 111.525 21.997 Z M 102.113 16.937 C 101.397 17.695 100.967 18.78 100.822 20.191 L 108.818 20.191 C 108.756 18.78 108.398 17.695 107.745 16.937 C 107.091 16.179 106.173 15.8 104.991 15.8 C 103.788 15.8 102.829 16.179 102.113 16.937 Z M 18.59 0.004 L 18.588 0 L 18.585 0.004 L 18.59 0.004 Z M 25.905 31.531 L 13.69 31.531 L 19.009 22.123 L 20.858 22.123 L 13.69 8.75 L 18.633 0.033 C 4.539 -0.849 -5.135 16.091 2.932 27.851 L 12.45 10.858 L 17.644 20.515 L 10.073 34.196 C 15.163 36.837 22.157 36.59 27.026 33.627 Z M 32.892 7.935 C 29.684 3.188 24.399 0.193 18.585 0 L 33.304 27.442 C 36.977 21.825 36.784 13.374 32.892 7.935 Z M 35.96 27.098 C 36.134 27.097 36.305 27.143 36.455 27.232 C 36.527 27.275 36.593 27.326 36.653 27.385 C 36.774 27.505 36.861 27.655 36.905 27.819 C 36.928 27.902 36.94 27.989 36.94 28.079 C 36.941 28.339 36.837 28.588 36.653 28.771 C 36.593 28.831 36.527 28.882 36.455 28.924 C 36.305 29.013 36.134 29.059 35.96 29.059 C 35.787 29.059 35.616 29.013 35.467 28.924 C 35.247 28.795 35.086 28.585 35.017 28.34 C 34.993 28.255 34.982 28.167 34.982 28.079 C 34.981 27.905 35.028 27.734 35.116 27.584 C 35.245 27.364 35.455 27.202 35.7 27.133 C 35.783 27.109 35.87 27.098 35.96 27.098 Z M 35.96 28.938 C 36.112 28.938 36.26 28.898 36.391 28.822 C 36.517 28.748 36.622 28.642 36.695 28.515 C 36.77 28.382 36.81 28.232 36.81 28.079 C 36.811 27.851 36.722 27.631 36.562 27.467 C 36.485 27.389 36.394 27.326 36.293 27.282 C 36.188 27.237 36.074 27.214 35.96 27.214 C 35.809 27.214 35.661 27.254 35.532 27.332 C 35.406 27.407 35.303 27.514 35.231 27.642 C 35.194 27.705 35.166 27.775 35.147 27.849 C 35.088 28.073 35.118 28.312 35.231 28.515 C 35.267 28.579 35.311 28.637 35.362 28.688 C 35.464 28.793 35.593 28.869 35.734 28.908 C 35.807 28.928 35.884 28.938 35.96 28.938 Z M 35.944 27.479 C 36.099 27.479 36.213 27.507 36.286 27.562 C 36.36 27.618 36.397 27.701 36.397 27.81 C 36.397 27.894 36.373 27.966 36.326 28.025 C 36.279 28.084 36.208 28.124 36.113 28.145 C 36.128 28.155 36.141 28.167 36.152 28.18 C 36.164 28.194 36.174 28.209 36.184 28.227 L 36.49 28.675 L 36.29 28.675 C 36.26 28.675 36.239 28.664 36.226 28.642 L 35.955 28.237 C 35.947 28.226 35.938 28.216 35.926 28.21 C 35.91 28.203 35.892 28.199 35.874 28.2 L 35.769 28.2 L 35.769 28.675 L 35.56 28.675 L 35.56 27.479 L 35.944 27.479 Z M 35.923 28.047 C 36.022 28.047 36.092 28.029 36.132 27.993 C 36.172 27.957 36.192 27.905 36.192 27.837 C 36.192 27.804 36.188 27.775 36.179 27.749 C 36.171 27.725 36.157 27.704 36.138 27.688 C 36.118 27.672 36.093 27.66 36.061 27.652 C 36.023 27.643 35.984 27.639 35.944 27.639 L 35.769 27.639 L 35.769 28.047 Z" fill="transparent" height="36.02406699730487px" id="k9KBmMWIt" width="111.52495257627515px"><path d="M 19.009 21.954 L 16.676 16.535 L 5.569 16.535 L 3.236 21.954 L 0 21.954 L 9.769 0 L 12.445 0 L 22.214 21.954 L 19.009 21.954 Z M 6.658 13.982 L 15.587 13.982 L 11.138 3.581 L 6.658 13.982 Z M 32.772 9.031 L 30.875 9.217 C 29.381 9.363 28.307 9.82 27.654 10.588 C 27.001 11.356 26.674 12.331 26.674 13.515 L 26.674 21.954 L 23.532 21.954 L 23.532 6.757 L 26.581 6.757 L 26.581 9.404 C 27.39 7.619 29.039 6.633 31.528 6.446 L 32.554 6.384 Z M 46.91 14.885 L 36.176 14.885 C 36.404 18.103 38.001 19.712 40.967 19.712 C 42.709 19.712 44.286 19.141 45.696 17.999 L 46.661 20.21 C 45.956 20.812 45.084 21.29 44.048 21.642 C 43.026 21.993 41.954 22.172 40.874 22.172 C 38.447 22.172 36.534 21.476 35.134 20.085 C 33.734 18.695 33.034 16.774 33.034 14.325 C 33.034 12.767 33.34 11.387 33.952 10.183 C 34.563 8.979 35.424 8.045 36.534 7.38 C 37.644 6.716 38.903 6.384 40.314 6.384 C 42.368 6.384 43.98 7.049 45.152 8.377 C 46.324 9.705 46.91 11.543 46.91 13.889 L 46.91 14.885 Z M 37.498 9.825 C 36.783 10.583 36.352 11.667 36.208 13.079 L 44.203 13.079 C 44.141 11.667 43.783 10.583 43.13 9.825 C 42.476 9.067 41.559 8.688 40.376 8.688 C 39.173 8.688 38.214 9.067 37.498 9.825 Z M 58.092 19.65 L 57.937 22.047 C 57.402 22.131 56.861 22.173 56.319 22.172 C 54.348 22.172 52.881 21.689 51.917 20.724 C 50.952 19.758 50.47 18.362 50.47 16.535 L 50.47 9.186 L 47.514 9.186 L 47.514 6.757 L 50.47 6.757 L 50.47 2.18 L 53.612 2.18 L 53.612 6.757 L 57.781 6.757 L 57.781 9.186 L 53.612 9.186 L 53.612 16.411 C 53.612 18.633 54.639 19.743 56.692 19.743 C 57.169 19.743 57.636 19.712 58.092 19.65 Z M 72.79 14.885 L 62.057 14.885 C 62.285 18.103 63.882 19.712 66.848 19.712 C 68.59 19.712 70.166 19.141 71.577 17.999 L 72.541 20.21 C 71.836 20.812 70.965 21.29 69.928 21.642 C 68.907 21.993 67.834 22.172 66.755 22.172 C 64.328 22.172 62.415 21.476 61.015 20.085 C 59.614 18.695 58.915 16.774 58.915 14.325 C 58.915 12.767 59.22 11.387 59.833 10.183 C 60.444 8.979 61.305 8.045 62.415 7.38 C 63.524 6.716 64.784 6.384 66.195 6.384 C 68.248 6.384 69.861 7.049 71.032 8.377 C 72.204 9.705 72.791 11.543 72.791 13.889 L 72.791 14.885 Z M 63.379 9.825 C 62.663 10.583 62.233 11.667 62.088 13.079 L 70.084 13.079 C 70.021 11.667 69.664 10.583 69.01 9.825 C 68.357 9.067 67.439 8.688 66.257 8.688 C 65.054 8.688 64.095 9.067 63.379 9.825 Z" fill="rgb(3, 30, 69)" height="22.171785837354594px" id="TfTSuxpal" transform="translate(38.734 7.112)" width="72.79063479673414px"/><path d="M 0.004 0.004 L 0.002 0 L 0 0.004 L 0.004 0.004 Z" fill="transparent" height="1px" id="Ix0aRV1Su" transform="translate(18.585 0)" width="1px"/><path d="M 25.905 31.531 L 13.69 31.531 L 19.009 22.123 L 20.858 22.123 L 13.69 8.75 L 18.633 0.033 C 4.539 -0.849 -5.135 16.091 2.932 27.851 L 12.45 10.858 L 17.644 20.515 L 10.073 34.196 C 15.163 36.837 22.157 36.59 27.026 33.627 Z" fill="rgb(3, 30, 69)" height="36.02406699730487px" id="jz53ksZqS" transform="translate(0 0)" width="27.026077720786155px"/><path d="M 14.307 7.935 C 11.098 3.188 5.813 0.193 0 0 L 14.719 27.442 C 18.392 21.825 18.199 13.374 14.307 7.935 Z" fill="rgb(21, 140, 234)" height="27.442009444388624px" id="STGA6Lb1D" transform="translate(18.585 0)" width="17.354255850317415px"/><path d="M 0.978 0 C 1.152 -0.001 1.323 0.046 1.473 0.134 C 1.545 0.177 1.611 0.228 1.671 0.288 C 1.792 0.408 1.879 0.557 1.923 0.721 C 1.946 0.805 1.958 0.892 1.958 0.982 C 1.959 1.241 1.855 1.491 1.671 1.673 C 1.611 1.733 1.545 1.784 1.473 1.827 C 1.323 1.915 1.152 1.962 0.978 1.961 C 0.805 1.962 0.634 1.915 0.485 1.827 C 0.265 1.697 0.104 1.488 0.035 1.242 C 0.011 1.157 0 1.07 0 0.982 C -0.001 0.808 0.046 0.636 0.134 0.486 C 0.264 0.266 0.473 0.105 0.718 0.035 C 0.801 0.012 0.888 0 0.978 0 Z M 0.978 1.84 C 1.13 1.841 1.278 1.801 1.409 1.724 C 1.535 1.65 1.64 1.544 1.713 1.417 C 1.789 1.285 1.828 1.135 1.828 0.982 C 1.829 0.753 1.74 0.533 1.581 0.37 C 1.503 0.291 1.412 0.228 1.311 0.185 C 1.206 0.139 1.093 0.116 0.978 0.117 C 0.828 0.116 0.68 0.157 0.55 0.234 C 0.425 0.309 0.321 0.416 0.249 0.544 C 0.213 0.608 0.184 0.677 0.165 0.751 C 0.106 0.976 0.136 1.214 0.249 1.417 C 0.285 1.481 0.329 1.539 0.38 1.591 C 0.482 1.696 0.611 1.771 0.752 1.81 C 0.826 1.831 0.902 1.841 0.978 1.841 Z M 0.962 0.381 C 1.117 0.381 1.231 0.409 1.304 0.465 C 1.378 0.521 1.415 0.603 1.415 0.713 C 1.415 0.796 1.391 0.868 1.344 0.927 C 1.297 0.986 1.226 1.026 1.131 1.048 C 1.146 1.057 1.159 1.069 1.17 1.083 C 1.182 1.096 1.192 1.112 1.202 1.13 L 1.508 1.578 L 1.308 1.578 C 1.278 1.578 1.257 1.566 1.244 1.544 L 0.973 1.139 C 0.965 1.128 0.956 1.119 0.944 1.112 C 0.928 1.105 0.91 1.102 0.893 1.103 L 0.787 1.103 L 0.787 1.578 L 0.578 1.578 L 0.578 0.381 L 0.962 0.381 Z M 0.941 0.95 C 1.04 0.95 1.11 0.932 1.15 0.895 C 1.19 0.859 1.21 0.807 1.21 0.739 C 1.21 0.706 1.206 0.677 1.198 0.652 C 1.189 0.627 1.175 0.606 1.156 0.59 C 1.136 0.574 1.111 0.562 1.079 0.554 C 1.041 0.545 1.002 0.541 0.962 0.542 L 0.787 0.542 L 0.787 0.95 Z" fill="rgb(3, 30, 69)" height="1.960998806562329px" id="twRTkXzp_" transform="translate(34.982 27.098)" width="1.9578807795313635px"/></g></svg>)
Article
Max-Severity React2Shell Vulnerability
Dec 15, 2025
Arete Analysis
Cybersecurity Trends
Combating Ransomware
A maximum-severity flaw in the widely used JavaScript library React, as well as several React-based frameworks, including Next.js, allows unauthenticated remote attackers to execute malicious code on vulnerable instances. The vulnerability, tracked as CVE-2025-55182, also known as React2Shell, has been assigned a maximum CVSS severity rating of 10.0, with an estimated 39% of cloud environments affected.
Within hours of disclosure, multiple threat actors, including state-sponsored groups, were observed exploiting the flaw, with researchers confirming that over 30 organizations across multiple sectors have already been compromised.
What’s Notable and Unique
This vulnerability originates from insecure deserialization, where attacker-controlled inputs are processed without adequate validation. Since the flaw is unauthenticated, exploitation becomes significantly easier for threat actors. During deserialization, object properties are implicitly expanded, enabling prototype pollution that can alter application behavior and, when aligned with specific React Server Components execution paths, escalate to remote code execution (RCE).
Active exploitation of the React2Shell (CVE-2025-55182) vulnerability has already been observed from China state-nexus groups Earth Lamia and Jackpot Panda, as well as suspected North Korean actors who are attacking unpatched React Server Components using automated scans and PoC exploits.
Subsequent activity includes EtherRAT and EtherHiding-based payload delivery linked to Democratic People’s Republic of Korea (DPRK) actor UNC5342, BPFDoor attributed to Red Menshen, the newly identified Auto-color PAM backdoor, and Cobalt Strike, demonstrating the broad use of React2Shell as an initial access vector.
The issue affects versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of the react-server-dom-parcel, react-server-dom-webpack, and react-server-dom-turbopack packages, which are embedded in frameworks such as Next.js (≥14.3.0-canary.77, ≥15, ≥16) and other tools including Vite, Parcel, React Router, RedwoodSDK, and Waku.
Analyst Comments
Organizations should prioritize immediate patching to address the React2Shell (CVE-2025-55182) vulnerability and ensure all internet-facing applications are updated to the vendor-recommended versions. In the interim, it is advisable to restrict access to Server Function/Flight endpoints and monitor for any unusual Node.js activity or anomalous React Server Components request patterns due to confirmed exploitation attempts.
At Arete, we are actively monitoring all endpoints for suspicious activity related to this vulnerability and will take prompt action to contain and mitigate any threats. Our security monitoring and response capabilities are fully maintained to ensure timely detection and protection against emerging risks.
Sources
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)
‘Exploitation is imminent’ as 39 percent of cloud environs have max-severity React hole
Responding to CVE-2025-55182: Secure your React and Next.js workloads
Protect against React RSC CVE-2025-55182 with Azure Web Application Firewall (WAF)
Back to Blog Posts
Article
Feb 5, 2026
Ransomware Trends & Data Insights: January 2026
Although Akira was once again the most active ransomware group in January, the threat landscape was more evenly distributed than it was throughout most of 2025. In December 2025, the three most active threat groups accounted for 57% of all ransomware and extortion activity; in January, the top three accounted for just 34%. Akira’s dominance also decreased to levels more consistent with early 2025, as the group was responsible for almost a third of all attacks in December but just 17% in January.
The number of unique ransomware and extortion groups observed in January increased slightly, to 17, up from 14 in December. It is too early to assess whether this trend will be the new normal for 2026. It is also worth noting that overall activity in January was lower than in previous months, consistent with what Arete typically observes at the beginning of a new year.
Figure 1. Activity from all threat groups in January 2026
Throughout the month of January, analysts at Arete identified several distinct trends behind the threat actors perpetrating cybercrime activities:
In January, Arete observed the reemergence of the LockBit Ransomware-as-a-Service (RaaS) group, which deployed an updated “LockBit 5.0” variant of its ransomware. LockBit first announced the 5.0 version on the RAMP dark web forum in early September 2025, coinciding with the group’s six-year anniversary. The latest LockBit 5.0 variant has both Windows and Linux versions, with notable improvements, including anti-analysis features and unique 16-character extensions added to each encrypted file. However, it remains to be seen whether LockBit will return to consistent activity levels in 2026.
The ClickFix social engineering technique, which leverages fake error dialog boxes to deceive users into manually executing malicious PowerShell commands, continued to evolve in unique ways in January. One campaign reported in January involved fake Blue Screen of Death (BSOD) messages manipulating users into pasting attacker-controlled code. During the month, researchers also documented a separate campaign, dubbed “CrashFix,” that uses a malicious Chrome browser extension-based attack vector. It crashes the web browser, displays a message stating the browser had "stopped abnormally," and then prompts the victim to click a button that executes malicious commands.
Also in January, Fortinet confirmed that a new critical authentication vulnerability affecting its FortiGate devices is being actively exploited. The vulnerability, tracked as CVE-2026-24858, allows attackers with a FortiCloud account to log in to devices registered to other account owners due to an authentication bypass flaw in devices using FortiCloud single sign-on (SSO). This recent activity follows the exploitation of two other Fortinet SSO authentication flaws, CVE-2025-59718 and CVE-2025-59719, which were disclosed in December 2025.
Source
Arete Internal
Read More
Article
Feb 2, 2026
New FortiCloud SSO Vulnerability Exploited
Fortinet recently confirmed that its FortiGate devices are affected by a new critical authentication vulnerability that is being actively exploited. The vulnerability, tracked as CVE-2026-24858, allows attackers with a FortiCloud account to log in to devices registered to other account owners due to an authentication bypass flaw in devices using FortiCloud single sign-on (SSO). CISA added the vulnerability to its Known Exploited Vulnerabilities catalogue and gave federal agencies just three days to patch, which requires users to upgrade all devices running FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb to fixed versions. This recent activity follows the exploitation of two other SSO authentication flaws, CVE-2025-59718 and CVE-2025-59719, which were disclosed last month.
What’s Notable and Unique
There are strong indications that much of the recent exploitation activity was automated, with attackers moving from initial access to account creation within seconds.
As observed in December 2025, the attackers’ primary target appears to be firewall configuration files, which contain a trove of information that can be leveraged in future operations.
The threat actors in this campaign favor innocuous, IT-themed email and account names, with malicious login activity originating from cloud-init@mail[.]io and cloud-noc@mail[.]io, while account names such as ‘secadmin’, ‘itadmin’, ‘audit’, and others are created for persistence and subsequent activity.
Analyst Comments
This is an active campaign, and the investigation into these attacks is ongoing. Organizations relying on FortiGate devices should remain extremely vigilant, even after following patching guidance. With threat actors circumventing authentication, it’s crucial to monitor for and alert on anomalous behavior within your environment, such as the unauthorized creation of admin accounts, the creation or modification of access policies, logins outside normal working hours, and anything that deviates from your security baseline.
Sources
Administrative FortiCloud SSO authentication bypass
Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass
Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts
Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719
Read More
Podcast
Jan 26, 2026
Cyber Campfire: December Threat Trends & Insights
Cyber Campfire delivers data-driven insights from Arete’s Threat Intelligence Team. In this episode, we discuss cyber threat trends, statistics, and emerging threat actors from December 2025. Tune in for an in-depth look at the evolving threat landscape and actionable insights for global organizations and security partners.
Read More
Article
Jan 26, 2026
Chrome Extensions Used for Credential-Stealing and ClickFix Attacks
Recent research reveals two distinct but similar malicious Chrome browser extension campaigns that demonstrate how threat actors are increasingly abusing trusted browser extension ecosystems to gain initial access, steal sessions, and compromise enterprise environments.
What’s Notable and Unique
In mid-January 2026, cybersecurity researchers uncovered a coordinated cluster of five malicious Chrome extensions masquerading as enterprise productivity or access management tools for popular Human Resource and Enterprise Resource Planning platforms such as Workday, NetSuite, and SAP SuccessFactors.
Although published under different names, the extensions shared identical infrastructure, code patterns, and attack logic, indicating a single, well-organized operation. These extensions enabled session hijacking and full account takeover by abusing browser-level access.
In January, researchers also documented a separate campaign, dubbed “CrashFix,” which uses a different but equally effective browser extension-based attack vector. In this case, a malicious Chrome extension named NexShield impersonated the legitimate uBlock Origin Lite ad blocker and was distributed through malicious ads that redirected users to the official Chrome Web Store where they would be prompted to download the malicious version.
The technique mentioned above is yet another evolution of the ClickFix style social engineering that emerged in 2025, in which users are tricked into executing malicious commands themselves. In CrashFix attacks, following the instructions led to the execution of PowerShell commands that downloaded and installed ModeloRAT, a previously undocumented Python based remote access trojan.
Analyst Comments
Browser extensions are being weaponized as highly trusted initial access vectors, with attackers blending technical abuse (cookie theft, resource exhaustion) with social engineering (productivity branding, fake repair prompts). Together, these two recent findings demonstrate that malicious Chrome extensions pose a risk as a primary entry point for enterprise compromise, making browser extension governance, monitoring, and user education a critical defensive priority. Organizations should monitor for hidden PowerShell processes that are accessing browser cache folders and limit the use of PowerShell to privileged administrators. Organizations should also continue to promote and update their security awareness training, educating employees on newer social engineering techniques such as ClickFix.
Sources
5 Malicious Chrome Extensions Enable Session Hijacking in Enterprise HR and ERP Systems
Dissecting CrashFix: KongTuke’s New Toy
Read More