Cybercriminals are using a technique dubbed ClickFix, which employs fake CAPTCHA verification pages, to distribute malware such as ransomware, infostealers, and the Qakbot banking trojan. The technique tricks users into running malicious commands disguised as common human verification prompts. Despite partial domain takedowns, the method’s reliance on social engineering ensures its continued effectiveness. The best defenses involve user training to recognize suspicious prompts, blocking known malicious domains, and deploying endpoint protection.

Sonatype reports rise in open source malware to 17,954
The 1Q 2025 Open Source Malware Index from Sonatype revealed that open source malware packages doubled compared to the same period last year, with 56%