Browser attacks without downloads. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 20 September 2025

⏱️ 23 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Today we are joined by Nati Tal, Head of Guardio Labs, discussing their work “CAPTCHAgeddon” or unmasking the viral evolution of the ClickFix browser-based threat. CAPTCHAgeddon — Shaked Chen’s deep dive into the ClickFix fake-captcha wave — reveals how a red-team trick morphed into a dominant, download-free browser threat that tricks users into pasting clipboard PowerShell/shell commands and leverages trusted infrastructure, including Google Scripts. Guardio’s DBSCAN-based payload clustering exposes distinct attacker toolkits and distribution paths — from malvertising and compromised WordPress to social posts and Git repos — and argues defenders need behavioral, intelligence-driven protections, not just signatures. The research can be found here: “CAPTCHAgeddon” Unmasking the Viral Evolution of the ClickFix Browser-Based Threat Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:10.1	At TALIS, they know cybersecurity can be tough and you can't protect everything,
0:17.6	but with TALIS, you can secure what matters most.
0:23.2	With TALIS's industry-leading platforms, you can protect critical applications, data, and identities, anywhere and at scale with the highest
0:29.7	ROI. That's why the most trusted brands and largest banks, retailers, and healthcare companies in the
0:36.1	world rely on Talis to protect what matters most. Applications, retailers, and healthcare companies in the world rely on Talis to protect what matters most.
0:40.0	Applications, data, and identity.
0:42.6	That's Talis.
0:44.0	T-H-A-L-E-S.
0:45.8	Learn more at Talisgroup.com slash cyber.
0:50.0	Thank you. Hello, everyone, and welcome to the Cyberwires Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts
1:11.5	tracking down the threats and vulnerabilities, solving some of the hard problems and protecting
1:16.6	ourselves in a rapidly evolving cyberspace.
1:20.1	Thanks for joining us.
1:26.5	This type of attack is trying to fool the visitors of the website to do something that
1:33.3	are used to do like updating their browser in the early phases with clear fake or in this
1:40.8	case solving a capture. We are so used to do that, so we are doing it once again.
1:46.2	But in this case, we are being fooled into doing something quite malicious.
1:51.0	In this case, running the attackers' code on our system.
1:54.8	That's Natital, head of Guardio Labs.
1:58.0	The research we're discussing today is about Kapshageddon, unmasking the viral evolution of the
2:03.8	click-fix browser-based threat.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.