storm-2561

ClickFix Went Cross-Platform This Week. Mac Users, You're Not Safe.

John Z Black Mar 17, 2026

Malware & Threats #clickfix #macsync #remcos #social-engineering #macos #vpn #malware #storm-2561

Three separate campaigns are using ClickFix to trick people into installing malware themselves. macOS, Windows, enterprise VPN users. No exploit needed. Just copy, paste, execute.

Storm-2561: Googling Your VPN Download Just Became a Security Risk

John Z Black Mar 13, 2026

Threat Intelligence #seo-poisoning #storm-2561 #vpn #credential-theft #malware #social-engineering

Microsoft exposed Storm-2561, a threat actor using SEO poisoning to serve fake VPN downloads that steal corporate credentials. The attack requires zero phishing emails. Just a search engine.