Breaking in with CrashFix, supply chain security, and CMMC phase 1 – Anna Pham, David Zendzian, Jacob Horne – ESW #449
Interview with Anna Pham
Breaking in with ClickFix: Anatomy of a modern endpoint attack
Cybersecurity company Huntress just published a report on a new ClickFix variant they’ve discovered, which they’ve dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group.
In short, the team observed the threat actors using KongTuke’s malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Upon “running the scan,” the user is presented with a fake “Security issues detected” alert and instructed to manually “fix” the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter.
The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. From there, the user executes the malicious command by following the on-screen instructions.
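A defender-side triage sketch for the Run-dialog step described above, added here as an example and not taken from the Huntress report. Windows records commands entered in the Run dialog under the current user's Explorer\RunMRU registry key, so an exported copy of that key can be checked for interpreter commands that look pasted rather than typed. The sample values, the length threshold and the interpreter list beyond PowerShell are constructed assumptions.

```python
import re

# PowerShell is the interpreter named on this page; the rest are an added assumption.
INTERPRETERS = re.compile(r"\b(powershell|pwsh|cmd|mshta|wscript|cscript)(\.exe)?\b", re.I)
MAX_TYPED_LEN = 60  # assumption: commands typed by hand into Run are short

# Constructed sample of an exported RunMRU key (value name -> data), not real telemetry.
SAMPLE = {
    "MRUList": "cab",  # most recent entry first
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": 'powershell -NoProfile -Command "Write-Output '
         'constructed-sample-standing-in-for-a-pasted-command"\\1',
}


def strip_mru_suffix(data):
    """RunMRU stores each command with a trailing backslash-1 marker."""
    return data[:-2] if data.endswith("\\1") else data


def triage_run_mru(values):
    """Return entries that look pasted rather than typed, newest first."""
    findings = []
    for name in values.get("MRUList", ""):
        if name not in values:
            continue
        cmd = strip_mru_suffix(values[name])
        if not INTERPRETERS.search(cmd):
            continue
        reasons = []
        if len(cmd.split()) > 1:
            reasons.append("interpreter launched with arguments")
        if len(cmd) > MAX_TYPED_LEN:
            reasons.append("longer than a hand-typed command")
        if reasons:
            findings.append({"value": name, "command": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_mru(SAMPLE):
        print(f["value"], f["reasons"], f["command"][:40] + "...")
```

A bare "cmd" or "notepad" entry is not reported; only interpreter entries carrying arguments or unusual length are, which keeps the output short enough to review by hand.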
Interview with David Zendzian
Continuous compliance and real security lifecycle management
Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable.
In this world of manifest-based infrastructure and container-based applications with (real) "DevSecOps", the dream of continuous upgrades of the OS, runtime, stack, app, and app dependencies is now very mature, and there are solid examples of companies and federal entities managing this at scale without thousands of teams and people.
Interview with Jacob Horne
CMMC Phase 1 Enforcement — What the November 10 Deadline Means for the Defense Supply Chain
With the upcoming CMMC Phase 1 enforcement on November 10, cybersecurity teams across the defense and federal supply chain are facing new compliance requirements that directly affect contract eligibility and data-protection standards. Jacob Horne, Chief Cybersecurity Evangelist at Summit 7, breaks down what this milestone means for enterprise security leaders, MSPs/MSSPs, and contractors preparing for audits.
Anna is a Senior Hunt & Response Analyst at Huntress. She is a seasoned cybersecurity professional specializing in malware reverse engineering, threat hunting, and response. With a GIAC Reverse Engineering Malware Certification (GREM) and a career spanning roles at eSentire, Toyota, and Palo Alto, Anna brings a wealth of expertise and relentless drive to protect businesses from cyber threats.
At Huntress, Anna thrives on the proactive approach of hunting down threats before they can harm businesses of all sizes, finding immense satisfaction in making a tangible difference. Her favorite cybersecurity tip? “Modern attackers don’t hack systems—they hack people. Be your own firewall.”
David is the VMware Tanzu by Broadcom Global Field CISO and Security Champion, with over 30 years in IT and Security. As Field CISO, he focuses on security, risk, governance, and compliance for Tanzu customers building and running modern applications in regulated businesses. As Security Champion, he represents Tanzu in Broadcom’s GRC and security initiatives.
He joined Tanzu through VMware and Pivotal. Previously, David was the first employee and CISO at a stealth FDIC-regulated startup bank. Before that, he co-founded a multi-regional provider of hybrid cloud managed security and hosting, focusing on PCI, HIPAA, and other security solutions. This followed years as a PCI QSA and Penetration Tester for companies like Virgin Mobile, Wells Fargo, and the US Marine Corps.
An industry leader, he speaks at events like Security BSides and is a co-founder and Board member of Security BSides Charleston, a 501c3 providing information security training since 2012.
Jacob Horne is the Chief Cybersecurity Evangelist at Summit 7, specializing in DFARS, NIST, and CMMC compliance for contractors in the Defense Industrial Base. With over 18 years of experience in offensive and defensive cybersecurity operations, he began his career as an NSA intelligence analyst and U.S. Navy cryptologic technician. As a civilian, Jacob has led governance, risk, and compliance teams at AT&T, Northrop Grumman, and the NIST Manufacturing Extension Partnership. He has developed and taught cybersecurity training programs for organizations including the NSA National Cryptologic School, UCLA, and UC Irvine. Jacob holds a master’s degree in cybersecurity risk and strategy from NYU and an MBA from the UC Irvine Paul Merage School of Business.