Browser extensions are supposed to make life easier—VPNs for privacy, screenshot tools for productivity, ad blockers for sanity, or even unofficial translation helpers. But as we’ve warned before in our post about malicious Chrome extensions hijacking WhatsApp, convenience can come at a cost. Extensions are software, and software can create risk.

Now, a new campaign called GhostPoster has taken that risk to spooky new heights. Researchers discovered that attackers embedded malicious JavaScript inside the logo files of 17 Mozilla Firefox add‑ons. These haunted extensions were collectively downloaded more than 50,000 times, disguising themselves as everyday utilities while secretly hijacking affiliate links, injecting tracking code, and committing click and ad fraud.

In The Matrix, déjà vu isn’t just a memory trick. It’s a glitch in the simulation — the machines tweak the code, and suddenly you see the same thing twice. For Neo, it was a black cat walking past twice. For us in cybersecurity, it’s Fortinet showing up in the headlines again.

This time, the glitch is tied to FortiGate firewalls. Threat actors are actively exploiting two newly disclosed flaws — CVE‑2025‑59718 and CVE‑2025‑59719 — that allow attackers to bypass SAML SSO authentication. Patches were released last week, but déjà vu means you need to patch again.

Your favorite notepad app just made headlines — and not for a new feature. Notepad++ patched a critical flaw in its updater that allowed attackers to hijack update traffic. The vulnerability stemmed from improper authentication of update files in earlier versions, meaning malicious actors could push fake updates to unsuspecting users. Version 8.8.8 fixes the issue, but the bigger story is what this says about third‑party patching.

It’s not a Marvel movie trailer — it’s the latest headline in cybersecurity. A new phishing kit dubbed Spider‑Man has swung onto the scene, and instead of saving the day, it’s weaving a Web of Deception across Europe’s financial sector.

The Rise of ClickFix Attacks

Over the past year, ClickFix‑style attacks have become a favorite tool in the cybercriminal playbook. These campaigns lure users with CAPTCHA‑like prompts that appear harmless but are cleverly designed to trick victims into executing malicious actions against themselves. The genius of ClickFix lies in its simplicity: attackers don’t need to break into systems directly—they convince users to do the dirty work for them.