CyberSecurityBoard
Sponsor Register Login

"Clipboard Hijacking" A Fake CAPTCHA Steal Clipboard Data Via Hacked Sites

Unit 42 Intel took to X on April 4, 2025, to alert the public, stating: “Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask users to paste malicious script into a Run window.” The post, accessible at included a link to further details and a visual of the fake CAPTCHA page, emphasizing the urgency of awareness. Detailed in a report by Bradley Duncan of Palo Alto Networks’ Unit 42 team, this attack leverages malicious scripts and fake CAPTCHA pages to hijack victims’ clipboards and potentially install unidentified malware. 2025-04-04 (Friday): Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). Instead of verifying identity, the page employs a technique known as “clipboard hijacking” or “pastejacking.” It covertly injects a malicious PowerShell script into the victim’s clipboard, accompanied by instructions urging the user to paste and execute it via a Windows Run window. A sophisticated new cyberattack chain dubbed “KongTuke” has been uncovered by cybersecurity researchers, targeting unsuspecting internet users through compromised legitimate websites. The KongTuke attack begins with a malicious script injected into legitimate but vulnerable websites.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 05 Apr 2025 13:35:26 +0000


Cyber News related to "Clipboard Hijacking" A Fake CAPTCHA Steal Clipboard Data Via Hacked Sites

Unraveling CAPTCHA: A Comprehensive Insight Into Its History, Applications, and Efficiency - History of CAPTCHA. The inception of CAPTCHA dates back to the late 1990s when researchers at Carnegie Mellon University led by Luis von Ahn, Manuel Blum, and others, sought a solution to prevent automated bots from infiltrating online platforms. In ...
1 year ago Feeds.dzone.com Inception
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
9 months ago Aws.amazon.com
Ukraine-Russia Cyber Battles Have Real-World Impact - "The evolution of cyberattacks and malware, particularly those that have an intersection with the use of generative AI, have lowered the barrier for entry for threat actors, leading to more threats and a greater volume of attacks," he says. ...
9 months ago Darkreading.com
Unix Printing Vulnerabilities Enable Easy DDoS Attacks - "For each packet sent, the vulnerable CUPS server will generate a larger and partially attacker-controlled IPP/HTTP request directed at the specified target." Akamai found that all it takes for someone to launch an attack is to send a ...
9 months ago Darkreading.com CVE-2024-47176 CVE-2024-47076 CVE-2024-47175 CVE-2024-47177
"Clipboard Hijacking" A Fake CAPTCHA Steal Clipboard Data Via Hacked Sites - Unit 42 Intel took to X on April 4, 2025, to alert the public, stating: “Injected #KongTuke script in pages from legitimate but compromised websites leads to fake #CAPTCHA style pages and #ClipboardHijacking (#pastejacking). These pages ask ...
3 months ago Cybersecuritynews.com
iClicker hack targeted students with malware via fake CAPTCHA - The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. According to a security alert from the ...
2 months ago Bleepingcomputer.com
Attackers Targeting Recruiters With More_Eggs Backdoor - FIN6 has been known in the past to pose as recruitment officers to target job seekers, but it appears to be "moving from posing as fake recruiters to now masquerading as fake job applicants" in a shift in tactics, Trend Micro researchers ...
9 months ago Darkreading.com FIN6
Overtaxed State CISOs Struggle with Budgeting, Staffing - Though the number of scarily understaffed offices has dropped — just two respondents reported having one to five full-time employees, down from six in 2022 — more than half of state CISOs report that their staff lack the competencies necessary to ...
9 months ago Darkreading.com
Unlocking CAPTCHAs: Moving Beyond Deterrence to Detection - In the digital realm, CAPTCHA has long been viewed as a necessary annoyance, a tool employed to thwart automated bots and ensure that real human users can successfully interact with websites. A paradigm shift is underway in how we perceive CAPTCHA. ...
1 year ago Securityboulevard.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
1 year ago Bleepingcomputer.com
CVE-2025-27636 - Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to ...
3 weeks ago CVE-2025-29891
DPRK's APT37 Targets Cambodia in Khmer - The North Korean state-sponsored threat actor known as APT37 has been carefully spreading a novel backdoor, dubbed "VeilShell." Of note is its target: Most North Korean advanced persistent threats (APTs) have a history of targeting ...
9 months ago Darkreading.com APT3 APT37
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - Microsoft, which tracks the group as "Seashell Blizzard," has identified a subgroup within 74455 focused solely on gaining initial access to high-value organizations across major industries and geographic regions. Sandworm has targeted ...
5 months ago Darkreading.com CVE-2023-48788 CVE-2024-1709
How This Security Firm's 'Bias' Is Also Its Superpower - "We are helping our clients simplify their strategies and align them to their actual business objectives so that they have a much easier and more efficient approach to developing not just minimum viable security for whatever their product is, ...
5 months ago Darkreading.com Equation
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
1 year ago Bleepingcomputer.com
New Stealthy NodeJS Backdoor Infects Users via CAPTCHA Verifications - This campaign represents a growing trend of threat actors exploiting seemingly legitimate security measures to distribute malicious code, targeting users who are accustomed to completing CAPTCHA challenges during their regular online activities. When ...
2 months ago Cybersecuritynews.com
Open Source AI Models: Big Risks for Malicious Code, Vulns - Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities. While the attacks appeared to be proofs-of-concept, their success in ...
5 months ago Darkreading.com
New Variant of macOS Threat XCSSET Spotted in the Wild - To avoid downloading Xcode projects infected with XCSSET, Microsoft recommends that developers and users "always inspect and verify any Xcode projects downloaded or cloned from repositories" that potentially will spread the malware. ...
4 months ago Darkreading.com
Beware of Fake CAPTCHA Prompts That May Silently Install LummaStealer on Your Device - The attack specifically targets users of booking websites by presenting fake booking confirmation pages that require CAPTCHA verification to view document details. The Infection Chain Flow shows how the attack progresses from the initial visit to a ...
4 months ago Cybersecuritynews.com
CVE-2023-26031 - Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to ...
55 years ago Tenable.com
Australian Infrastructure Faces 'Acute' Foreign Threats - "Cyber units from at least one nation state routinely try to explore and exploit Australia’s critical infrastructure networks, almost certainly mapping systems so they can lay down malware or maintain access in the future," Burgess said. ...
4 months ago Darkreading.com
CVE-2015-8311 - On 2015-09-14, Marcello Duarte disclosed a vulnerability in FreeSWITCH on the Bugtraq mail list. This was assigned CVE-2015-7392 which reads: Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before ...
55 years ago Tenable.com
Calif. Gov. Vetoes AI Safety Bill Aimed at Big Tech Players - "Moreover, the latest independent academic research concludes, large language models like ChatGPT cannot learn independently or acquire new skills, meaning they pose no existential threat to humanity." The coalition also took issue with the ...
9 months ago Darkreading.com
Dragos Expands ICS Platform with New Acquisition - "We grew pretty fast to become the de facto solution in the electric industry as the OT network visibility and segmentation analysis solution, which is extremely important in the case of compliance for the regulation in this industry," ...
9 months ago Darkreading.com
CVE-2012-45971 - 1) McAfee Email and Web Security and Email Gateway contains a flaw related to the /admin/cgi-bin/localadmin script. The issue is due to the script calling the SCMAdmin::AuthManagement::localLogin() function when $ENV{WS_SOURCE_IP} is 127.0.0.1. ...
55 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)