THE article reports that threat actors are eschewing traditional malware-driven attacks in order to bypass security tools and socially engineer victims, according to the Cyber Threat Intelligence Report 2026 published by Bridewell. The report notes attack techniques such as ClickFix, FileFix and ConsentFix that trick users into copying commands, approving fake authentication prompts and completing legitimate login processes to bypass endpoint security, MFA and other controls.
Because these attacks take place within the browser or trusted identity workflows, they are harder to spot, the firm warned. Earlier this month, the Australian Cyber Security Centre was forced to alert users about a ClickFix campaign designed to spread the Vidar Stealer infostealing malware. The analysis emphasises that infostealers have become a critical enabler in cybercrime, with data theft increasingly driving ransomware and other campaigns.