The Based Apparel website linked to FBI Director Kash Patel has been identified hosting a ClickFix malware attack, attempting to trick visitors into installing malicious software.
Security researchers discovered the attack vector on the e-commerce site, which uses social engineering tactics common to ClickFix campaigns. These attacks typically display fake system warnings or update prompts, deceiving users into downloading malware.
ClickFix attacks have become increasingly prevalent in 2024, targeting Windows users through compromised websites and malicious ads. The malware often leads to ransomware infections or credential theft.
The discovery raises questions about website security practices and third-party vulnerabilities. It's unclear whether the attack represents a compromise of the site's infrastructure or a supply chain issue.
Based Apparel sells merchandise featuring political messaging. The incident highlights how high-profile websites remain attractive targets for attackers seeking to distribute malware at scale.
No statement has been issued regarding the attack or remediation efforts.
Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.
Researchers have demonstrated a new attack called 'Ghostcommit' that hides prompt injections in PNG files to fool AI code reviewers and agents into exposing repository secrets.
Australia's eSafety watchdog will investigate whether major adult websites are allowing users to bypass age verification requirements using virtual private networks (VPNs). The probe follows new regulations introduced in March requiring age checks on adult content.