Find notable cyber news and cases, enriched with sources, timelines, and signals.

PHALT#BLYX ClickFix phishing campaign targets European hospitality with DCRat

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

PHALT#BLYX is an active ClickFix-style phishing campaign that targets the European hospitality sector and uses Booking.com-themed reservation-cancellation lures to push victims into running malicious PowerShell. The operation matters because fake CAPTCHA pages and bogus BSoD recovery prompts are used to trigger code execution, enabling MSBuild.exe-based payload delivery, Defender tampering, and DCRat installation.

Related Happenings

Fake AI study guide AsyncRAT lure campaign targeting Windows users

Campaign
H score33 First: 11.06.2026 17:00 Last: 11.06.2026 17:00 Sources 1

About this happening: A **malware-luring campaign** now uses fake **AI study guides** and **developer resources** to target **Windows users** at organizations, increasing the risk of stealthy **AsyncRA...

KongTuke Microsoft Teams initial access campaign

Campaign
H score42 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

Silver Fox South Asia phishing campaign

Campaign
H score34 First: 24.03.2026 18:00 Last: 24.03.2026 18:00 Sources 1

About this happening: The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...

Microsoft Teams Quick Assist A0Backdoor phishing campaign

Campaign
H score32 First: 10.03.2026 00:50 Last: 10.03.2026 00:50 Sources 1

About this happening: The **Microsoft Teams** phishing campaign is tricking employees at **financial and healthcare organizations** into starting **Quick Assist** remote sessions, creating an immediate...

A0Backdoor malware deployed through signed MSI sideloading and DNS MX C2

Malware Activity
H score22 First: 10.03.2026 00:50 Last: 10.03.2026 00:50 Sources 1

About this happening: The **A0Backdoor** malware was deployed on **Windows endpoints** through **digitally signed MSI installers** and **DLL sideloading**, giving the operators a stealthier path to exe...

Timeline

  1. 06.01.2026 14:13 2 articles · 6mo ago

    PHALT#BLYX ClickFix phishing campaign targets European hospitality with DCRat

    Initial Disclosure

    The initial access phase starts with a phishing email impersonating **Booking.com** and warning recipients about an unexpected reservation cancellation. A fake website then presents a bogus **CAPTCHA** and **BSoD** recovery prompt that tries to get the victim to paste and execute a command in Windows Run.

    Show sources