Matrix Push C2: Browser Notifications Used for Fileless Phishing

• A new threat campaign, dubbed "Matrix Push C2," is actively exploiting legitimate browser push notification services to launch fileless, cross-platform phishing attacks.
• The attack chain involves tricking users into subscribing to malicious push notifications, which then deliver deceptive alerts leading to phishing pages or drive-by malware downloads.
• This method circumvents traditional email and endpoint security controls, allowing attackers to reach victims across different operating systems and browsers with persistent, hard-to-block messages.

Source: The Hacker News | Date: November 22, 2025

References

1. Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks - The Hacker News