X Grok malicious-link bypass campaign
Campaign
Summary
A campaign on X is abusing Grok to turn hidden URLs in video-card "From:" metadata into clickable links, a bypass Guardio Labs dubbed "grokking". The operation is being used to spread malicious links to millions of users at a time, and reporting indicates it is happening hundreds of times a day. The abuse can boost scam, malware, and other shady content by leveraging a trusted assistant reply and the reach of promoted posts.
Related Happenings
ClickFix MacSync social-engineering campaign targeting macOS users
Campaign
First: 16.03.2026 13:41
Last: 16.03.2026 13:41
Sources 1
About this happening:
A **ClickFix** campaign is using **fake Cloudflare CAPTCHA verification challenges**, **embedded video tutorials**, and **automatic OS detection** to trick victims into pasting an...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
AI assistants with web browsing repurposed as covert C2 relays
Technical Analysis
First: 18.02.2026 17:00
Last: 18.02.2026 17:00
Sources 1
About this happening:
AI assistants with web browsing are now being shown as **covert command-and-control relays**, letting malware hide commands and stolen data inside routine enterprise traffic. **Gr...
AMOS infostealer delivered through Google ads and poisoned ChatGPT/Grok lures
Malware Activity
First: 11.12.2025 01:50
Last: 11.12.2025 01:50
Sources 1
About this happening:
The **AMOS** infostealer is being distributed through **Google search ads** that steer macOS users into poisoned **ChatGPT** and **Grok** conversations, creating a fresh path to c...
X Grokking malvertising campaign
Campaign
First: 04.09.2025 13:21
Last: 04.09.2025 13:21
Sources 1
About this happening:
**Cybercriminals** are running a coordinated **X malvertising campaign** that abuses **Grok** to surface hidden malicious links and push them into **millions of feeds**. The opera...
Timeline
04.09.2025 01:01 3 articles · 8mo ago
Threat actors abuse X's Grok AI to surface hidden malicious links
Initial Disclosure
Threat actors are abusing X's Grok AI to bypass link-posting restrictions by hiding malicious URLs in the video card's "From:" metadata and then asking Grok to reveal them. Grok returns the full malicious link in clickable format, which boosts credibility and reach on X and can drive users to scams, fake CAPTCHA tests, information-stealing malware, and other malicious payloads.
- Threat actors abuse X’s Grok AI to spread malicious links — www.bleepingcomputer.com — 04.09.2025 01:01
- Threat actors abuse X’s Grok AI to spread malicious links — www.bleepingcomputer.com — 04.09.2025 01:01
- Scammers Are Using Grok to Spread Malicious Links on X — www.darkreading.com — 05.09.2025 18:41