The maintainer of Notepad++ has disclosed a significant security incident in which state-sponsored attackers hijacked the utility's official update mechanism, redirecting update traffic to rogue servers instead of the official site. Developer Don Ho clarified that the issue was not a flaw in the Notepad++ code itself but an infrastructure-level compromise at the hosting provider. The attack targeted specific users, routing them to malicious domains to fetch poisoned executables. The redirection was exploitable because of weaknesses in how the WinGUp updater verified the integrity of downloaded files, a flaw that was supposedly addressed in a patch released in late 2025. The incident dates back as far as June 2025, which shows how long the threat actors retained access to internal services even after losing their initial server access. Following the breach, Notepad++ has migrated to a new hosting provider to secure its distribution chain and protect its global user base from further exploitation.
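The defence this incident points at is an updater that authenticates what it downloads instead of trusting whatever the update host returns. The Go program below is an added example written for this page, not WinGUp's or Notepad++'s own code. It models a signed update manifest (the field names, host names and the Ed25519 key pair are this example's assumptions) and shows that an attacker who controls the hosting can swap the installer or rewrite the manifest to point at a rogue server, but cannot get either past a client that pins the vendor's public key, allow-lists the download host, and checks the payload hash against the signed manifest.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// Manifest is a hypothetical update descriptor that the client fetches before
// the installer itself. The field names are this example's own.
type Manifest struct {
	Version string `json:"version"`
	URL     string `json:"url"`
	SHA256  string `json:"sha256"`
}

// hashHex returns the lowercase hex SHA-256 of b.
func hashHex(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// SignManifest is the vendor side: only the holder of the private key can
// produce a signature that the pinned public key will accept.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (raw, sig []byte, err error) {
	raw, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return raw, ed25519.Sign(priv, raw), nil
}

// VerifyUpdate is the client side. It accepts the update only if
//  1. the manifest verifies under the pinned vendor public key,
//  2. the download URL is https and its host is on the allow-list, and
//  3. the downloaded bytes hash to the value inside the signed manifest.
// A redirect to a rogue host therefore fails at step 2 even with a valid
// signature, and a swapped binary fails at step 3.
func VerifyUpdate(pub ed25519.PublicKey, raw, sig, payload []byte, allowedHosts map[string]bool) error {
	if !ed25519.Verify(pub, raw, sig) {
		return errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return fmt.Errorf("manifest unparsable: %w", err)
	}
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" || !allowedHosts[u.Hostname()] {
		return fmt.Errorf("download origin %q not allowed", m.URL)
	}
	if hashHex(payload) != m.SHA256 {
		return errors.New("payload hash does not match signed manifest")
	}
	return nil
}

func main() {
	// Demo key pair generated on the fly; a real client ships only the public key, pinned.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	allowed := map[string]bool{"updates.example.com": true}
	good := []byte("legitimate installer bytes (constructed)")
	evil := []byte("trojanised installer bytes (constructed)")

	m := Manifest{Version: "1.0.1", URL: "https://updates.example.com/app-1.0.1.exe", SHA256: hashHex(good)}
	raw, sig, _ := SignManifest(priv, m)
	fmt.Println("genuine update:    ", VerifyUpdate(pub, raw, sig, good, allowed))
	// An attacker controlling the hosting swaps the installer but leaves the manifest alone.
	fmt.Println("swapped payload:   ", VerifyUpdate(pub, raw, sig, evil, allowed))
	// Or rewrites the manifest to point at their own server; the old signature no longer matches.
	rogue := m
	rogue.URL = "https://rogue.example.net/app.exe"
	rogue.SHA256 = hashHex(evil)
	rogueRaw, _ := json.Marshal(rogue)
	fmt.Println("rewritten manifest:", VerifyUpdate(pub, rogueRaw, sig, evil, allowed))
}
```

The point of the host allow-list is that it is independent of the signature: even a correctly signed manifest that points off-list is refused, so a compromise of the manifest signing process alone is not enough to redirect clients. Running the program prints `<nil>` for the genuine case and a distinct error for each of the two tampering cases.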
Cybersecurity firm Arctic Wolf has issued a critical warning regarding a "new cluster of automated malicious activity" targeting Fortinet FortiGate devices. Starting around mid-January 2026, attackers have been observed exploiting FortiCloud Single Sign-On (SSO) vulnerabilities to perform unauthorized firewall configuration changes and exfiltrate sensitive data. This campaign bears a striking resemblance to a December 2025 attack wave involving CVE-2025-59718 and CVE-2025-59719, which allow for an unauthenticated bypass of SSO authentication via crafted SAML messages. Threat actors are using a malicious account, "cloud-init@mail.io," and creating several secondary administrative accounts to maintain persistence on affected networks. Perhaps most concerning are reports from the community suggesting that even fully patched devices, including FortiOS version 7.4.10, may still be susceptible to these exploits. This guide covers the specific indicators of compromise, including known malicious IP addresses, and provides the immediate mitigation step of disabling the FortiCloud SSO login feature to protect your infrastructure from these rapid, automated attacks.
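Because the campaign is automated and reuses a fixed account name, the first triage pass over a FortiGate event log is mechanical. The Go program below is an added example, not Arctic Wolf's or Fortinet's tooling: it parses FortiGate's key=value log format and flags administrator logins by the reported cloud-init@mail.io account, administrator logins from a source-IP watchlist, and creation of system.admin objects by any account outside a known-admin list (the secondary accounts the advisory describes). The log lines are constructed for the example, the watchlisted IP is an RFC 5737 documentation address standing in for the advisory's indicators, and the exact logdesc, cfgpath and action values are assumptions to check against the log reference for your FortiOS version.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// SampleLines are constructed FortiGate-style event log lines for this example;
// the logdesc/cfgpath/action values are assumptions to check against your
// FortiOS log reference. 203.0.113.10 is an RFC 5737 documentation address.
var SampleLines = []string{
	`date=2026-01-16 time=03:12:44 logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="cloud-init@mail.io" ui="https(203.0.113.10)" method="https" srcip=203.0.113.10 action="login" status="success" msg="Administrator cloud-init@mail.io logged in successfully from https(203.0.113.10)"`,
	`date=2026-01-16 time=03:13:02 logid="0100044547" type="event" subtype="system" level="information" vd="root" logdesc="Object configured" user="cloud-init@mail.io" ui="https(203.0.113.10)" action="Add" cfgpath="system.admin" cfgobj="support2" msg="Add system.admin support2"`,
	`date=2026-01-16 time=08:00:01 logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" ui="https(10.0.0.5)" method="https" srcip=10.0.0.5 action="login" status="success" msg="Administrator admin logged in successfully from https(10.0.0.5)"`,
	`date=2026-01-16 time=08:02:30 logid="0100044547" type="event" subtype="system" level="information" vd="root" logdesc="Object configured" user="admin" ui="https(10.0.0.5)" action="Add" cfgpath="system.admin" cfgobj="helpdesk" msg="Add system.admin helpdesk"`,
}

// Finding is one triage hit: the rule that fired and the line that tripped it.
type Finding struct {
	Rule string
	Line string
}

// kvRe matches FortiGate's key=value syntax; a value is either double-quoted
// (and may contain spaces) or a bare run of non-space characters.
var kvRe = regexp.MustCompile(`(\w+)=(?:"([^"]*)"|(\S+))`)

// ParseFortiLog splits one log line into a field map.
func ParseFortiLog(line string) map[string]string {
	fields := map[string]string{}
	for _, m := range kvRe.FindAllStringSubmatch(line, -1) {
		v := m[2]
		if v == "" {
			v = m[3]
		}
		fields[m[1]] = v
	}
	return fields
}

// Triage applies three independent rules to every line, so one line can
// produce more than one finding:
//   - ioc-account-login:        admin login by the account the advisory names
//   - watchlisted-srcip:        admin login from an IP on the watchlist
//   - unexpected-admin-created: a new system.admin object added by an account
//     that is not in knownAdmins
func Triage(lines []string, knownAdmins, watchIPs map[string]bool) []Finding {
	var out []Finding
	for _, line := range lines {
		f := ParseFortiLog(line)
		user := strings.ToLower(f["user"])
		login := f["action"] == "login"
		if login && user == "cloud-init@mail.io" {
			out = append(out, Finding{"ioc-account-login", line})
		}
		if login && watchIPs[f["srcip"]] {
			out = append(out, Finding{"watchlisted-srcip", line})
		}
		if f["cfgpath"] == "system.admin" && f["action"] == "Add" && !knownAdmins[user] {
			out = append(out, Finding{"unexpected-admin-created", line})
		}
	}
	return out
}

func main() {
	known := map[string]bool{"admin": true}
	watch := map[string]bool{"203.0.113.10": true} // replace with the advisory's IOC list
	for _, f := range Triage(SampleLines, known, watch) {
		fields := ParseFortiLog(f.Line)
		fmt.Printf("%-26s user=%s at %s %s\n", f.Rule, fields["user"], fields["date"], fields["time"])
	}
}
```

On the sample above the first line fires two rules and the second fires the admin-creation rule, while the two benign lines from the known administrator produce nothing. The mitigation the page recommends, turning off FortiCloud SSO login for administrators, lives in the FortiOS global settings (config system global / set admin-forticloud-sso-login disable / end, quoted from memory, so confirm it against the CLI reference for your release); given the reports of patched 7.4.10 devices still being hit, the triage above is worth running even after the setting is disabled and the CVE fixes are applied.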
The Nomani investment scam has surged by a staggering 62%, driven by sophisticated AI deepfake advertisements on social media platforms such as Facebook and YouTube. Using high-resolution deepfakes of popular personalities and topical events, fraudsters lure users into non-existent investment products with the promise of massive returns. ESET researchers have blocked over 64,000 unique URLs this year alone and note a significant evolution in the scam's technical sophistication. Beyond the initial financial loss, victims are often targeted a second time by fraudulent "recovery services" posing as law enforcement agencies such as Europol or INTERPOL. This blog post breaks down how the scam operates, the latest technical upgrades used by the threat actors, including AI-generated HTML code and cloaking pages, and the broader implications for social media advertising platforms such as Meta. We also look at the recent Reuters investigation into how these scams bypass moderation. Stay informed and learn how to spot these realistic deepfakes to protect your funds from this growing global threat.
Discover five critical vulnerabilities in Fluent Bit that could let attackers bypass authentication, achieve remote code execution, and take over cloud infrastructure. Learn how to protect your systems.
A massive software supply chain attack has compromised over 20 popular npm packages, including chalk and debug, with a combined 2B+ weekly downloads. Learn how a simple phishing attack on a maintainer led to crypto-stealing malware being distributed to millions.
WhatsApp has patched a critical zero-click vulnerability (CVE-2025-55177) on iOS and macOS. Learn how it was chained with an Apple flaw for targeted spyware attacks.
North Korean hackers target diplomats using GitHub for C2 channels. Meanwhile, their IT workers have infiltrated over 320 firms. Uncover the dual-threat tactics.
Explore the new GNOME 49 Beta, released on the project's 28th anniversary. Discover major security enhancements, including a new Privacy Hub, improved app sandboxing, and hardened Wayland protocols. Learn what these upgrades mean for your digital safety and why this release is a game-changer for Linux desktop security.
Chinese APT group UAT-7237 targets Taiwanese web servers with a mix of customized open-source tools and bespoke malware such as the SoundBill loader to establish long-term access. Learn their TTPs.