Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage

June 25, 2026

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
Facebook X (Twitter) Instagram
Thursday, June 25
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Hackers Bypass Security Tools to Target Users Directly
News

Hackers Bypass Security Tools to Target Users Directly

Team-CWDBy Team-CWDMay 20, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Threat actors are eschewing traditional malware-driven attacks in order to bypass security tools and socially engineer their victims, according to a new study from Bridewell.

The consulting specialist made the claims in its Cyber Threat Intelligence Report 2026, published on May 18. The report draws on Bridewell’s “sustained monitoring of malicious infrastructure, client telemetry, incident response activity, and targeted research.”

Attack techniques like ClickFix, FileFix and ConsentFix trick users into copying commands, approving fake authentication prompts and completing legitimate login processes to bypass endpoint security, multifactor authentication (MFA) and other controls, it said.

Because attacks take place within the browser or trusted identity workflows, they’re much harder to spot, the firm warned.

Earlier this month, the Australian Cyber Security Centre (ACSC) was forced to alert users about a ClickFix campaign designed to spread the Vidar Stealer infostealing malware.

Read more on ClickFix: ClickFix Attacks Surge 517% in 2025.

In fact, Bridewell warned that infostealers have become a critical enabler in the cybercrime landscape, harvesting data that can be used for ransomware, fraud and other campaigns.

It added that the ransomware landscape continues to evolve and fragment, with rapid data theft becoming the main mechanism for extortion, rather than lengthier encryption-focused attacks.

The idea is to reduce response time and increase pressure on victims, it said.

Meanwhile, traditional barriers between cybercrime and nation state activity continue to erode increasing the scale, sophistication and unpredictability of attacks, especially those targeting critical infrastructure sectors.

Continued Growth in Supply Chain Compromise

Bridewell urged cybersecurity leaders to look out for the following threats over the coming year:

  • Increased exploitation of edge devices and identity infrastructure
  • Continued growth in supply chain compromise
  • Rising activity linked to North Korea and other state-aligned actors
  • Ongoing convergence between cybercrime and nation-state operations

“As attackers continue to exploit trusted systems and human behaviour, organizations must move beyond traditional security approaches and focus on identity protection, user awareness and threat-informed defence,” argued Gavin Knapp, head of cyber threat intelligence at Bridewell.

“While the structure of the threat landscape remains familiar, the speed, scale, and resilience of adversary operations continue to increase. As attackers place greater emphasis on identity abuse, edge infrastructure and data‑exfiltration‑driven extortion models, organizations must adapt defensive strategies accordingly.”



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleWhy Agentic AI Is Security’s Next Blind Spot
Next Article Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
Team-CWD
  • Website

Related Posts

News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026
News

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

June 24, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

It’s all fun and games until someone gets hacked

September 26, 2025

Managing risks to your loved one’s digital estate

April 2, 2026

Is it OK to let your children post selfies online?

February 17, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.