Cybercriminals have escalated their tactics by combining compromised websites with advanced ClickFix social engineering techniques to spread novel infostealer malware; a single campaign has hijacked over 250 WordPress sites across 12 countries. Active since December 2025, the WordPress campaign deceives visitors with counterfeit Cloudflare CAPTCHA challenges and delivers stealthy in-memory payloads. A separate attack identified by Microsoft exploits Windows Terminal for payload execution, deviating from the conventional Run dialog method. The evolution of these techniques, particularly when combined with state-aligned activity involving Microsoft, signifies a shift in the threat model from purely criminal to geopolitical, necessitating a distinct approach to mitigation [1]. For security practitioners, this development demands a revised playbook to counter the elevated threat landscape.