Find notable cyber news and cases, enriched with sources, timelines, and signals.

Matrix Push C2 browser push notification malware delivery

Malware Activity
First reported
Last updated
Happening score
H score 22
2 unique sources, 2 articles

Summary

Hide ▲

The Matrix Push C2 platform is abusing browser push notifications to deliver fake alerts and steer victims to malicious sites, expanding malware delivery across Windows, Mac, Linux, Android, and more. It also lets operators watch infected browsers in real time, making the abuse more dangerous than a simple phishing lure. The activity matters because the channel is described as fileless and can evade suspicion by using a normal browser feature.

Related Happenings

Enterprise browser phishing detection gaps leave one in five attacks undetected

Trend
H score29 First: 10.06.2026 18:30 Last: 10.06.2026 18:30 Sources 1

About this happening: Browser-based phishing is leaving **enterprise users** exposed, with **one in five** attacks going completely undetected across **millions of active browser sessions** from **Janu...

Securing the browser session layer to reduce enterprise browser-based phishing and session-layer abuse

Defensive Guidance
H score14 First: 10.06.2026 18:30 Last: 10.06.2026 18:30 Sources 1

About this happening: **Enterprise browser-session hardening** is being emphasized to reduce **browser-based phishing** and **session-layer abuse** across enterprise environments. The guidance targets...

Browser-layer visibility guidance for browser-native threats

Defensive Guidance
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...

DriveSurge large-scale website-hijack malware distribution campaign

Campaign
H score41 First: 02.06.2026 01:14 Last: 02.06.2026 01:14 Sources 1

About this happening: The **DriveSurge** campaign is redirecting visitors from **thousands of compromised websites** to **malware-delivery infrastructure**, creating a broad infection path through **Cl...

Chromium JavaScript background RCE flaw

Vulnerability
H score16 First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Timeline

  1. 20.11.2025 02:00 2 articles · 7mo ago

    Matrix Push C2 browser notification abuse disclosed

    Initial Disclosure

    BlackFrog disclosed Matrix Push C2, a newly discovered command-and-control platform that abuses the web browser push notification system to deliver fake system and security alerts, redirect victims to phishing pages or malware downloads, and monitor infected browsers in real time. The platform uses a web-based dashboard, configurable templates that mimic brands such as MetaMask, Netflix, Cloudflare, PayPal, and TikTok, short redirect URLs, and a fileless browser-based workflow that works across Windows, Mac, Linux, Android, and other browser-equipped devices; BlackFrog recommended anti data exfiltration (ADX) technology to block outbound traffic.

    Show sources