Wednesday , July 30 2025
fake Cloudflare

ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware

infosecbulletin Sunday , June 8 2025 Uncategorized

A new social engineering attack uses familiar security checks to trick users into downloading malware via fake Cloudflare verification pages.

The ClickFix attack technique marks a worrying shift in phishing methods, moving away from traditional file downloads to tricking users into running harmful commands on their own devices.

BD Bank and CIRT alert for cyber attack

By infosecbulletin / Wednesday , July 30 2025
Bangladesh Bank has alerted all scheduled banks to enhance their cybersecurity measures to protect sensitive financial data and ICT systems...
Read More
BD Bank and CIRT alert for cyber attack

French Telecom Giant Orange Hit by Cyberattack

By infosecbulletin / Wednesday , July 30 2025
Orange, a major French telecom company, announced on Monday that it was attacked by hackers. In the announcement, the company...
Read More
French Telecom Giant Orange Hit by Cyberattack

SonicWall SMA100 Series N-day Vulns Technical Details Revealed

By infosecbulletin / Wednesday , July 30 2025
SonicWall's SMA100 series SSL-VPN appliances have serious security vulnerabilities, revealing ongoing issues in network infrastructure. The identified vulnerabilities show fundamental...
Read More
SonicWall SMA100 Series N-day Vulns Technical Details Revealed

Cyber attack closes hundreds of pharmacies across Russia

By infosecbulletin / Tuesday , July 29 2025
Russia's two largest pharmacy chains halted operations in several regions on Tuesday due to cyberattacks that affected their digital systems...
Read More
Cyber attack closes hundreds of pharmacies across Russia

Researchers unveil over $2 million fake currency operation in India

By infosecbulletin / Tuesday , July 29 2025
Cybersecurity researchers from CloudSEK’s STRIKE team used facial recognition and GPS to uncover a large fake currency scheme worth over...
Read More
Researchers unveil over $2 million fake currency operation in India

IIT-K to launch real time cyber attack alert app

By infosecbulletin / Sunday , July 27 2025
A new real-time alert app for preventing cyber fraud is expected to launch next year, as reported by researchers at...
Read More
IIT-K to launch real time cyber attack alert app

Broadcom Blocks some VMware Security Updates for Perpetual License Holders

By infosecbulletin / Saturday , July 26 2025
Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in...
Read More
Broadcom Blocks some VMware Security Updates for Perpetual License Holders

“Hidden Investigations”: A School Boy Curiosity Turn into Leading Cybersecurity Team

By infosecbulletin / Saturday , July 26 2025
Hidden Investigations is a cybersecurity-driven team committed to advancing digital security through research, innovation, and hands-on impact, bridging the gap...
Read More
“Hidden Investigations”: A School Boy Curiosity Turn into Leading Cybersecurity Team

ALERT
Fake Indian Banking Apps on Android Steal Banking Credentials

By infosecbulletin / Saturday , July 26 2025
A harmful Android app has been found that pretends to be real Indian banking apps to steal credentials, spy on...
Read More
ALERT Fake Indian Banking Apps on Android Steal Banking Credentials

CIRT alerts CII, Energy Sectors, Banks risk for a large-scale cyberattack

By infosecbulletin / Friday , July 25 2025
BGD e-GOV CIRT alert for a potential risk of cyber attack on Thursday (24.07.2025). In its situational alert, CIRT said,...
Read More
CIRT alerts CII, Energy Sectors, Banks risk for a large-scale cyberattack

The attack uses a fake Cloudflare Turnstile interface that looks real, featuring official branding, genuine wording, and dynamic Ray IDs to deceive victims.

Users often encounter fake verification pages displaying familiar messages like “Checking if the site connection is secure – Verify you are human,” which resemble real Cloudflare protection. This mimicry takes advantage of verification fatigue, where users quickly click through security prompts without careful scrutiny.

SlashNext researchers have identified a new threat that uses a clever method to evade traditional security measures.

The technique is very effective because it relies on user trust in established security providers and doesn’t need complex exploits or zero-day vulnerabilities.

The attack tricks users into running harmful code by pretending to be a normal verification process.

The campaign has been seen spreading different types of malware, including information stealers like Lumma and Stealc, and remote access trojans like NetSupport Manager.

The attack succeeds by using legitimate system tools with harmful parameters, allowing it to bypass traditional security filters instead of relying on suspicious downloads.

This method bypasses many endpoint protection tools that scan downloaded files. To read the full report click here.

Fortinet flaws now exploited in Qilin ransomware attacks

 

Check Also

Google

Google patched 2 Android zero-days and 60 other flaws

In its April 2025 security update, Google patched 62 vulnerabilities in Android, including two zero-days …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin