BleepingComputer recaps what they view as the 15 biggest cybersecurity and cyberattack stories of 2025. Four of the 15 involve ShinyHunters or the ScatteredLapsus$Hunters collective. Among other stories:
In 2025, ClickFix attacks became widely adopted by numerous threat actors, including state-sponsored hacking groups and ransomware gangs. What started as a Windows malware campaign, quickly expanded to macOS and Linux, with attacks that installed infostealers, RATs, and other malware.
ClickFix social engineering attacks are webpages designed to display an error or issue and then offer “fixes” to resolve it. These errors could be fake error messages, security warnings, CAPTCHA challenges, or update notices that instruct visitors to run PowerShell or shell commands to resolve the issue.
Victims end up infecting their own machines by running malicious PowerShell or shell commands provided in the attacker’s instructions.
ClickFix campaigns use a wide range of lures, including fake Windows Update screens, fake software activation videos on TikTok, and fake CAPTCHA challenges with video instructions that instruct victims to copy and paste commands that download and execute malware.
Read more at BleepingComputer.
