Browser Security Roundup: ClickFix Phishing, PeckBirdy C2, React Flaws

ClickFix Attacks Expand Using Fake CAPTCHAs and Trusted Web Services

• The ClickFix phishing campaign has evolved, now leveraging fake CAPTCHAs, Microsoft JavaScript files, and reputable web services to steal user credentials.
• Attackers are exploiting Microsoft's Content Delivery Network (CDN) to host malicious JavaScript, making it harder for security tools to distinguish between legitimate and malicious content.
• The campaign targets a wide range of organizations, including financial institutions, government entities, and software providers, using a persistent CAPTCHA loop to deceive victims.

Source: The Hacker News | Date: January 29, 2026

China-Linked Hackers Deploy PeckBirdy JavaScript C2 Framework

• China-linked threat actors have been observed deploying the PeckBirdy JavaScript command-and-control (C2) framework in cyberespionage operations since at least October 2023.
• PeckBirdy functions as a versatile modular implant, capable of collecting system information, executing shell commands, and facilitating file transfers within compromised web environments.
• The framework relies on a combination of malicious JavaScript and HTML, enabling attackers to maintain persistence and control over compromised systems via browser interactions.

Source: The Hacker News | Date: January 29, 2026

Mozilla Seeks User Input for Firefox's Future Direction

• Mozilla has launched a global survey to gather user feedback on the future evolution of Firefox, focusing on key areas such as privacy, security, and open web initiatives.
• The initiative aims to understand user priorities for new features and improvements, specifically highlighting calls for enhanced privacy controls and advanced security protocols within the browser.
• This endeavor underscores Mozilla's commitment to user-centric development and its mission to foster a healthier internet, inviting community participation in shaping the browser's direction.

Source: Mozilla Blog | Date: January 29, 2026

Attackers Exploiting React2Shell Vulnerability in IT Sectors

• A critical new vulnerability, dubbed "React2Shell," is being actively exploited to achieve remote code execution (RCE) on systems running vulnerable React-based web applications.
• The exploit specifically targets weaknesses in the server-side rendering (SSR) mechanism of React applications, allowing attackers to inject malicious code through crafted HTTP requests.
• This vulnerability poses a significant risk to IT sectors, where React is widely utilized for web development, necessitating immediate patching and robust mitigation strategies.

Source: Cybersecurity News | Date: January 29, 2026

Multiple DoS Vulnerabilities Found in React Server Components

• Several vulnerabilities have been identified in React Server Components that could lead to Denial of Service (DoS) attacks, severely impacting the availability and performance of web applications.
• The flaws primarily involve inefficient processing of malformed or excessively large inputs, which can exhaust server resources and prevent legitimate users from accessing services.
• Developers are strongly advised to update their React implementations to the latest versions and implement comprehensive input validation to protect against these DoS attack vectors.

Source: Cybersecurity News | Date: January 29, 2026

References

1. ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services - The Hacker News
2. China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023 - The Hacker News
3. The State of Mozilla: Are you ready to choose your future? - Mozilla Blog
4. Attackers Exploiting React2Shell Vulnerability to Attack IT Sectors - Cybersecurity News
5. Multiple Vulnerabilities in React Server Components Enable DoS Attacks - Cybersecurity News