Veteran technology news outlet Gizmodo recently acknowledged a security breach on a Saturday in June 2026, after subscribers reported encountering deceptive ClickFix malware prompts while browsing articles. The compromise manifested as fraudulent CAPTCHA pop-ups directly embedded within Gizmodo's web pages, designed to manipulate users into unknowingly executing malicious code on their systems. According to Proofpoint threat researcher Tommy M, the operation appeared to stem from an affiliate utilizing ErrTraffic, a specialized "ClickFix-as-a-service" offering that provides threat actors with a versatile platform to deploy various malware payloads. This sophisticated delivery mechanism reportedly tailored its prompts specifically to the victim's operating system, enhancing its efficacy1. For example, a distinct version targeted Windows users. This incident underscores the ongoing risk posed by supply-chain attacks that leverage trusted journalistic platforms to distribute tailored malicious software. Cybersecurity professionals must prioritize rigorous third-party content vetting and advanced client-side protection to counteract such deceptive infiltration tactics.