Attackers are shifting credential theft campaigns towards QR codes, fake CAPTCHA pages and ClickFix-style prompts, turning familiar security checks into tools for large-scale account compromise.Fresh ...