ClickFix Remix: How Attackers Are Using AI Trust to Deliver Malware
Frank Marano

The Rise of ClickFix Attacks

Over the past year, ClickFix‑style attacks have become a favorite tool in the cybercriminal playbook. These campaigns lure users with CAPTCHA‑like prompts that appear harmless but are cleverly designed to trick victims into executing malicious actions against themselves. The genius of ClickFix lies in its simplicity: attackers don’t need to break into systems directly—they convince users to do the dirty work for them.

WinRAR vulnerability CVE‑2025‑6218: Why third‑party patching can’t be ignored
Frank Marano

When you think of cyberattacks, you probably picture hackers going after operating systems, firewalls, or browsers. Here’s the twist: the latest exploited vulnerability isn’t in Windows itself—it’s lurking in WinRAR, the humble file‑zipping utility you use for bundling vacation photos or compressing that large email attachment to get it out the door.

Google Chrome Powers Up Security: Guardrails for Agentic AI Browsing
Frank Marano

Chrome Gets a Power‑Up

Google Chrome just picked up a serious power‑up. The browser isn’t just getting faster or sleeker—it’s gaining a new set of layered defenses designed to put guardrails around its agentic artificial intelligence (AI) capabilities. For anyone keeping an eye on the future of AI‑powered browsing, this is a big deal. Agentic AI, the kind that can take actions on your behalf—navigating sites, pulling data, even completing tasks—has enormous potential. But it also opens the door to new risks, especially indirect prompt injections.

When Attackers Switch Targets: Palo Alto GlobalProtect in the Spotlight
Frank Marano

It’s not every day you see Palo Alto Networks in the headlines for brute‑force VPN login attempts. Usually, the spotlight shines on Fortinet or SonicWall when attackers go credential hunting. So when I saw Palo Alto GlobalProtect portals being targeted, I had to look twice.

For context, GlobalProtect is the VPN and remote access component of Palo Alto Networks’ firewall platform. It’s the gateway that allows employees to connect securely from outside the office. And now, it’s the latest focus of attackers who seem to have taken a break from their usual Fortinet and SonicWall campaigns.

Monday exploit club: Sneeit framework plugin goes rogue
Frank Marano

It wouldn’t be Monday without another WordPress plugin going rogue. This time, the Sneeit Framework plugin—commonly used to power themes—is being actively exploited in the wild. The remote code execution vulnerability CVE-2025-6389 (CVSS 9.8) affects all versions prior to and including 8.3, and it’s already patched in 8.4. The flaw lets unauthenticated attackers execute code on the server. Translation: no login required for a full takeover. Update the plugin immediately and block the IPs fueling this campaign before Monday turns into incident response.
