Eye Security

In the first half of this year, Fake CAPTCHA/ClickFix attacks have surged, establishing the attack vector as a mainstream threat, just like phishing. These attacks exploit fake CAPTCHA challenges (the familiar "I am not a robot" verification challenges) to trick users into manually executing malware disguised as browser verification steps. Just weeks ago, Google's Threat Intelligence Group reported that a Russian state-backed APT is using ClickFix-style social engineering as the entry point for new malware, owing to the sheer effectiveness of fake CAPTCHAs/ClickFix. Recently, Palo Alto Networks' Unit 42 uncovered the IUAM ClickFix Generator, a tool that automates the creation of these attacks, making them easier to deploy and likely even more widespread in the near future. To counteract ClickFix attacks, one option is disabling the run prompt altogether, for instance using a GPO. This, however, will lead to another game of whack-a-mole, as there are more ways to get command execution. Fortunately, there's a simpler and more effective way to protect yourself: install Eye Security's ClickFix Block extension for Edge or Chrome. Combined with good Endpoint Detection and Response software, these fake CAPTCHA attacks are stopped before they can cause any real harm. The attacks described in the blogs below would have been detected and blocked by ClickFix Block v0.0.7, breaking the attack chain when the payload is being surreptitiously copied to the clipboard. Read more in the comments.

𝐀𝐧𝐨𝐭𝐡𝐞𝐫 𝐲𝐞𝐚𝐫 𝐨𝐟 𝐠𝐫𝐨𝐰𝐭𝐡 𝐟𝐨𝐫 𝐄𝐲𝐞 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲. 💥 🏆 We’re proud to be rewarded with an impressive 11th place in the Deloitte Technology Fast 50, making us once again one of the fastest-growing tech companies in the Netherlands. A huge thank you to our team. Your energy and ambition make this possible every single day. And of course to our clients and partners for the trust and collaboration that keep us moving forward. Congratulations to all fellow winners, especially Zander Labs, Aquablu , and 8vance! Looking forward to 2026, with even more innovation, impact, and ambition to make Europe a safer place to work and do business. #cybersecurity #growth #technology #teamwork #innovation #fast50

Our R&D team keeps growing, and so does the leadership behind it. This week, our Engineering leadership joined LeadDev Berlin, a conference focused on the real challenges of scaling teams, leading through complexity, and building resilient engineering cultures. As our R&D efforts evolve across product, platform, and infrastructure, we are increasingly investing in building leadership. The Berlin meetup was also a chance to get together as a group and prepare for what’s next. In the photos, Bert S., Jos Huiting, Jesper Bergeskans, Oberon B., Nick Kuilman, and Ravisha Gaur: our Engineering leadership team. Check out our open roles and keep an eye on our Careers page, there’s more on the way! Links in the comments. #eyesecurity #lifeateyesecurity

Eye Security is weer aanwezig op de ICT & Logistiek beurs in Utrecht! 🚛 Om 14:15 spreken Heino Kempers en Lodi Hensen op mainstage over hoe je als IT-manager het cyberrisico kunt beheersen met steeds hogere druk vanuit klanten en wet- en regelgeving. Samen met Meijers Assurantiën en Previder gaan we verder het gesprek aan op de beursvloer over cyberrisico’s in de logistiek en hoe bedrijven zich beter kunnen beschermen en verzekeren. Je vindt ons op stand 09.B092. Kom vooral even langs! ☕️ #ICTenLogistiek #Cybersecurity #Logistiek #EyeSecurity #Cyberrisico

Proud that our 𝗘𝘁𝗵𝗶𝗰𝗮𝗹 𝗔𝗜 𝗣𝗿𝗼𝗺𝗽𝘁 𝗜𝗻𝗷𝗲𝗰𝘁𝗶𝗼𝗻 concept has been covered by multiple media outlets this week 📰! Today, I've been interviewed by Help Net Security to share my perspective on Shadow AI, it's threat and the opportunities 👉https://lnkd.in/eEFPBczT If you want to know how we embed simple security disclaimers in corporate documents, that pop-up in popular AI tools like ChatGPT and DeepSeek AI 🇨🇳? Read more on how we battle Shadow AI: https://lnkd.in/eyXMuPh9

Wrapping up Cybersecurity Awareness Month 2025 👁️🗨️ This October, we've been building, researching, and sharing to make Europe a little safer. Here are three ways we contributed and took action this month: 🧩 ClickFix Block, stopping fake CAPTCHA attacks A new social-engineering trend, ClickFix, tricks users into pasting malicious commands from their clipboard. We built a free browser extension that blocks this technique entirely, protecting users and organisations at the source. Available free for everyone in the Chrome Web Store. Prompt Injection for Good 🚧  As generative AI becomes part of everyone's work, so does the risk of Shadow AI. Our research team flipped a known attack technique, prompt injection, into a defensive awareness tool. The result is an open-source prototype that embeds just-in-time AI warnings directly into company files. ⚠️ Active exploitation of WSUS (CVE-2025-59287) To us, cyber awareness also means sharing timely information that prevents incidents. When exploitation of this vulnerability began spreading globally, we shared indicators, guidance, and telemetry with others to help organisations act fast. #cybersecurityawarenessmonth2025 #cyberawarenessmonth #eyesecurity #cybersecurity

⚠️💬 𝗜𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝗶𝗻𝗴: Prompt Injection for Good, the concept of turning one of AI's biggest vulnerabilities into a defensive tool Generative AI tools like ChatGPT, Microsoft Copilot and DeepSeek AI are transforming work, but they also introduce a new risk: Shadow AI. Every time an employee uploads a company document to an unsanctioned AI tool, sensitive data may leave your organisation’s control. Our team at Eye Security asked: What if we could turn the very technique attackers use, prompt injection, into a tool for protection and awareness? This is how the concept of defensive prompt injection was born. 𝗛𝗼𝘄 𝗱𝗼𝗲𝘀 𝗶𝘁 𝘄𝗼𝗿𝗸?  • Use the prompt generator to create defensive security disclaimers  • Embed the security disclaimers into company files or emails  • If an employee uploads a protected document into an AI tool, AI displays a warning like: 🚧 “𝘛𝘩𝘪𝘴 𝘥𝘰𝘤𝘶𝘮𝘦𝘯𝘵 𝘤𝘰𝘯𝘵𝘢𝘪𝘯𝘴 𝘴𝘦𝘯𝘴𝘪𝘵𝘪𝘷𝘦 𝘤𝘰𝘳𝘱𝘰𝘳𝘢𝘵𝘦 𝘥𝘢𝘵𝘢. 𝘗𝘭𝘦𝘢𝘴𝘦 𝘣𝘦 𝘢𝘸𝘢𝘳𝘦 𝘰𝘧 𝘵𝘩𝘦 𝘳𝘪𝘴𝘬𝘴 𝘰𝘧 𝘴𝘩𝘢𝘳𝘪𝘯𝘨 𝘪𝘵 𝘸𝘪𝘵𝘩 𝘶𝘯𝘵𝘳𝘶𝘴𝘵𝘦𝘥 𝘵𝘩𝘪𝘳𝘥 𝘱𝘢𝘳𝘵𝘪𝘦𝘴.” This is a way to raises awareness in real time without slowing down innovation or blocking productivity:  • Tested across Microsoft 365, Google Workspace, and Atlassian  • Works with multiple AI platforms like ChatGPT and DeepSeek AI  • Helps CISOs and security teams guide safe AI adoption The Shadow AI challenge cannot be solved overnight. Still, we can make it visible, testable, and manageable. Our defensive prompt testing framework is open-source, free to experiment with, and designed to help security teams evaluate defensive prompts in practice. We invite you to try it out on GitHub and explore the concept. Also, read our technical article to find out how we got there! All links are in the first comment. #cybersecurity #ai #shadowai #opensource

🚚 Wat gebeurt er als je logistiek tot stilstand komt door een cyberaanval? In de logistiek draait alles om timing. Eén gehackt systeem en de hele keten vertraagt. Nog minder dan 48 uur tot ons logistiek-webinar! Ontdek hoe logistieke bedrijven zich wapenen tegen digitale verstoringen met echte voorbeelden en praktische tips. 🗣️ Cyberdreigingen in de logistiek: uitdagingen en oplossingen 🗓️ 29 oktober 2025, 11:00 uur Dit komt aan bod:  • Hoe een echt incident bij Move Intermodal zich ontwikkelde  • Waarom de logistiek een steeds aantrekkelijker doelwit wordt  • Praktische stappen die IT-managers kunnen nemen om downtime te voorkomen 🎙️ Sprekers: Lodi Hensen, Eye Security Tomas Tempelaars, Move Intermodal Arjan Halma, Eye Underwriting Mis deze kans niet om te leren van experts uit de sector. 👉 De aanmeldlink vind je in de comments! #eyesecurity #cybersecurity #logistiek #supplychain #mdr

Attention - Microsoft WSUS CVE-2025-59287 incidents! We are observing exploitation attempts based on a published POC. We have also began fingerprinting exposed WSUS instances (ports 8530/8531) with at least 2800 seen on 2025-10-25 (not necessarily vulnerable). IP data is being shared in our Device ID reporting https://lnkd.in/dkWVZ97z with device_vendor set to Microsoft & device_model set to Windows Server Update Services (Open). Geo distribution (World Map): https://lnkd.in/dE5SF2k4 Tree map view: https://lnkd.in/duaJ_nTY This vulnerability is on Cybersecurity and Infrastructure Security Agency KEV: https://lnkd.in/dADf_t9g NVD: https://lnkd.in/d4_H7hnB Microsoft Advisory: https://lnkd.in/eQniUGj8 HawkTrace writeup:  https://lnkd.in/eh4G4WiQ Huntress writeup: https://lnkd.in/ev7vy5-6 Eye Security writeup: https://lnkd.in/evywiv62 #CyberCivilDefense #cybersecurity #situationalwareness #riskmanagement #vulnerabilitymanagement