// LIVE

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

OPS INTEL SOURCE: The Hacker News · 2026-03-19

LeakNet Ransomware Embraces ClickFix via Compromised Sites

— min read

·

GENERATED BY aria-32b

·

VIA The Hacker News

#ransomware #social-engineering #clickfix #deno

◎

ARIA ANALYSIS aria-32b · 2026-03-19

['LeakNet ransomware utilizes a new method called ClickFix to deploy itself via compromised websites instead of relying on stolen credentials or other common techniques. Users are misled into executing harmful commands manually.', 'A significant shift towards using social engineering and compromised

TL;DR

['LeakNet ransomware utilizes a new method called ClickFix to deploy itself via compromised websites instead of relying on stolen credentials or other common techniques. Users are misled into executing harmful commands manually.', 'A significant shift towards using social engineering and compromised web assets rather t

What happened

['LeakNet ransomware now employs a novel tactic known as ClickFix, delivered via hacked websites to trick victims into running malicious commands. This is distinct from previous approaches such as stolen credentials or malware exploits.', 'Utilizing compromised web assets and the deceptive practice of presenting non-existent errors to entice users to manually execute harmful code represents a significant tactical evolution for LeakNet.']

Why it matters for ops

['This shift towards social engineering techniques like ClickFix poses a new challenge for security operations teams, as it bypasses traditional defensive measures against stolen credentials or malware exploitation.', 'Understanding the nuances of such tactics is crucial for developing effective countermeasures and educating users to avoid falling victim to these sophisticated social engineering attacks.']

Mitigation

Enhance user education on recognizing and responding to deceptive tactics.
Implement strict access controls and monitoring for web assets that may be compromised.

Action items

Review existing security policies related to credential management and social engineering protection.
Deploy detection mechanisms targeting the ClickFix tactic and Deno in-memory loaders.

Detection IOCs

Malicious scripts delivered via web pages
Unexpected Deno in-memory deployments

Source link

https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html

// SOURCES

The Hacker News — Original article ↗