Fetching from the wire…
Security2026-07-18 · source-backed
Ars Technica reports that APT-grade Russian groups have adopted the fake-CAPTCHA paste-this-command technique previously confined to financially motivated crooks. When a commodity technique migrates up to nation-state operators, it means it works well enough that sophistication isn't worth the cost. If your docs or your agent ever tell a user to paste a shell command, you're training the exact behavior this exploits.
Each link below shares sources, entities, or timing with this story.
Shared entity: Ars Technica / Same source domain / Earlier coverage / Downstream implication
Both cover Ars Technica; reported by the same outlet (arstechnica.com); earlier Ars Technica coverage from 2026-07-16.
Shared entity: When / Shared topic / Earlier coverage / Tension
Both cover When; overlapping topics (agent, cost); earlier When coverage from 2026-07-13.
Shared entity: Ars Technica / Same source domain / Earlier coverage / Tension
Both cover Ars Technica; reported by the same outlet (arstechnica.com); earlier Ars Technica coverage from 2026-06-05.
Shared entity: When / Shared topic / Earlier coverage / Tension
Both cover When; overlapping topics (agent, cost); earlier When coverage from 2026-04-16.
Both cover When; overlapping topics (agent, cost); earlier When coverage from 2026-04-08.
Shared entity: When / Shared topic / Earlier coverage
Both cover When; overlapping topics (agent, docs, enough); earlier When coverage from 2026-06-26.
Both cover When; overlapping topics (agent, enough); earlier When coverage from 2026-07-17.
Shared entity: Ars Technica / Same source domain / Earlier coverage
Both cover Ars Technica; reported by the same outlet (arstechnica.com); earlier Ars Technica coverage from 2026-07-17.