Dissecting CrashFix: KongTuke's New Toy | Huntress (www.huntress.com)
from cm0002@lemmings.world to cybersecurity@infosec.pub on 20 Jan 16:20
https://lemmings.world/post/40084705

In January 2026, Huntress Senior Security Operations Analyst Tanner Filip observed threat actors using a malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Our analysis revealed this campaign is the work of KongTuke, a threat actor we have been tracking since the beginning of 2025. In this latest operation, we identified several new developments: a malicious browser extension called NexShield that impersonates the legitimate uBlock Origin Lite ad blocker, a new ClickFix variant we have dubbed “CrashFix” that intentionally crashes the browser then baits users into running malicious commands, and ModeloRAT, a previously undocumented Python RAT reserved exclusively for domain-joined hosts.

#cybersecurity

AmbiguousProps@lemmy.today on 20 Jan 19:22

This post has been seen at least three times on Lemmy so far (including this post):

cm0002@lemmings.world on 20 Jan 19:24

Don’t link to or participate on Lemmy.ml, join the boycott today!

AmbiguousProps@lemmy.today on 20 Jan 19:30

Just connecting the fediverse as you claimed to be doing with your mass reposting!

cm0002@lemmings.world on 20 Jan 19:32

<img alt="" src="https://lemmings.world/pictrs/image/ee78d574-e4af-4e00-802c-8aab921eeb23.png">

Already handled by the internal crosspost system

AmbiguousProps@lemmy.today on 20 Jan 19:44

Not for all frontends, as multiple people have told you in the past. I’m not going down that route again, but I sure will continue to help those that can’t see that you’re just crossposting from elsewhere.

cm0002@lemmings.world on 20 Jan 19:46

There’s no such app or frontend, they all have the crosspost menu afaik, if you know of one, lmk even though you still haven’t. You just keep making that claim without actually answering lol

AmbiguousProps@lemmy.today on 20 Jan 19:48

Here you go! lemmy.cafe/comment/15393162

Happy to help!

cm0002@lemmings.world on 20 Jan 19:56

It has to do with the proxying URLs on images [A rare instance related issue]

On the clients that were mentioned:

Here’s Thunder

<img alt="" src="https://lemmings.world/pictrs/image/aa65895f-0dff-4299-ac50-0833997fe47e.png">

Here’s the dbzer0 web interface

<img alt="" src="https://lemmings.world/pictrs/image/d5f16801-b79f-4b42-9533-6ef77ca7ac04.png">

All with proper crossposting menus, anything else you’d like to misrepresent or lie about?

AmbiguousProps@lemmy.today on 20 Jan 20:00

It’s like that’s almost exactly what I mentioned you said, and exactly why I’m commenting proper links to older posts! It fixes the proxying issue you mention to include it in the post, so I’m happy I can be of assistance. I’m still not sure why it’s so upsetting to you when users link back to other posts in the comments, especially when you weren’t the first one to post it. It helps drive conversation when people know it’s happening elsewhere.

cm0002@lemmings.world on 20 Jan 20:03

Not sure why you’d want to forward traffic to an instance who has admins that are transphobic and push Russian propaganda but you do you, I can’t stop you :)

AmbiguousProps@lemmy.today on 20 Jan 20:05

I didn’t just link to ML, but go off! I’m not the one crossposting the content in the first place, I wouldn’t have linked to ML if that wasn’t where you got the post to begin with. Nice of you to bring up transphobia in an argument against a trans person, though!

cm0002@lemmings.world on 20 Jan 20:11

Nice of you to bring up transphobia in an argument against a trans person, though!

Well this is what Nutomic, second head Lemmy dev and .ml admin has to say about the LGBTQ+ movement [Transphobia CW] lemmy.world/post/18236068

AmbiguousProps@lemmy.today on 20 Jan 20:13

I don’t care what transphobes have to say, I’ve heard it all before. At least I don’t crosspost content from the land of transphobes, though! You enjoying having your feed be filled with ML content even though you claim to boycott them?

cm0002@lemmings.world on 20 Jan 20:19

Taking content from them doesn’t support their instance in any way. Upvoting, commenting and posting on comms on their instance does. Which I don’t do and by cross-posting content away onto non.ml comms it reduces their activity bit by bit but revitalizing other similar comms

AmbiguousProps@lemmy.today on 20 Jan 20:21

But by your logic, the built in crosspost functionality is no worse than what I’ve done, right? Since the crosspost links always work, therefore you also linked to ML?

cm0002@lemmings.world on 20 Jan 20:22

They display, in a separate submenu, increasing friction. It’s well known in human behavior/UI design that every additional click for the average user reduces the likelihood they’re just going to click it for no reason

AmbiguousProps@lemmy.today on 20 Jan 20:23

That’s not really friction, and in fact, on the standard Lemmy UI, it’s not in a submenu at all…it’s just straight up linked under the post title. No extra click required. So what’s the difference?

cm0002@lemmings.world on 20 Jan 20:28

Well sure, it’s not foolproof, but the vast majority of users are probably not using the default Lemmy UI (because it kinda sucks lol) and instead are using an app or other front end.

AmbiguousProps@lemmy.today on 20 Jan 20:33

People should know that you’re crossposting from transphobic instances, in my opinion, so I’ll continue letting people know, especially for those using screen readers. Also, I use the default Lemmy UI almost daily.