Hello everyone! Today I'm trying something new and opening up my commissions! There are only 5 slots available. My ToS will be in the following tweet, thank you everyone! #commissionsopen#Commission
what's better than one kitty in a box...two kitties in a box...? or three kitties haha!
got a liucheng suggestion and decided to try my hand at the trapped in a box thing (with bonus kitty muqing)
Writer/writing hot take:
Using 'big' words is not a personal attack on any reader.
Using 'big' words is not ableist.
Using 'big' words is not an A/I-signifier.
Using 'big' words is not elitism.
We don't know all the words in this world, and that's fine. Please unclench.
DO NOT STOP TALKING ABOUT THE EPSTEIN FILES.
Does anyone else notice that no matter how many folks are posting about the Epstein files, it never trends on X?
DO NOT touch that keyboard. This is one of the most dangerous attacks circulating right now.
This is called a ClickFix attack. It is not a CAPTCHA. It is not a verification step. It is a social engineering attack designed to make you execute malicious code on your own machine while believing you are proving you are human.
Here is exactly what happens if you follow those steps.
The fake page has already silently copied a malicious PowerShell command to your clipboard without you knowing. It happened the moment the page loaded. You did not click anything. You did not consent to anything. The clipboard was written to in the background by JavaScript running on the page.
When you press Win + R you open the Windows Run dialog. When you press Ctrl + V you paste that malicious command directly into it. When you press Run you execute it with your own permissions on your own machine. No exploit needed. No vulnerability needed. You did it yourself. Willingly. While thinking you were completing a CAPTCHA.
The payload varies. Researchers have documented ClickFix delivering infostealers, remote access trojans, and credential harvesters. The malware executes instantly and silently. By the time the Run dialog closes the damage is done.
The reason this attack works so well is threefold. The fake CAPTCHA looks visually identical to a real one. The instructions sound technical and therefore trustworthy. And critically, you are the one executing the command so endpoint security tools see a legitimate user action rather than an automated attack.
Real CAPTCHAs never ask you to open Run dialogs. Real CAPTCHAs never ask you to paste anything. Real CAPTCHAs never give you keyboard shortcuts.
If a webpage ever asks you to press Win + R for any reason, close the tab immediately.
IT'S GIVEAWAY TIME!!
To join:
✦ RT + LIKE + COMMENT which Phaidei AU you'd like to see next 👀
Prizes:
✦ 1️⃣ Full PilotStar bundle
✦ 3️⃣ Print ONLY PilotStar bundles
🗓️ Winners will be contacted via DMs after preorders close 5/24!
🔗 link & details below ⤵️