Tag: update
-
Open-source attacks move through normal development workflows
Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/
-
NDSS 2025 VeriBin: Adaptive Verification Of Patches At The Binary Level
Session 11B: Binary Analysis Authors, Creators & Presenters: Hongwei Wu (Purdue University), Jianliang Wu (Simon Fraser University), Ruoyu Wu (Purdue University), Ayushi Sharma (Purdue University), Aravind Machiry (Purdue University), Antonio Bianchi (Purdue University) PAPER VeriBin: Adaptive Verification of Patches at the Binary Level Vendors are often provided with updated versions of a piece of software,…
-
Chinese Hackers Hijack Notepad++ Updates for 6 Months
State-sponsored threat actors compromised the popular code editor’s hosting provider to redirect targeted users to malicious downloads. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chinese-hackers-hijack-notepad-updates-6-months
-
Notepad++ users take note: It’s time to check if you’re hacked
Suspected China-state hackers used update infrastructure to deliver backdoored version. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/02/notepad-updater-was-compromised-for-6-months-in-supply-chain-attack/
-
Notepad++ says Chinese government hackers hijacked its software updates for months
The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/02/notepad-says-chinese-government-hackers-hijacked-its-software-updates-for-months/
-
Notepad++ Updates Delivered Malware After Hosting Provider Breach
A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider. First seen on hackread.com Jump to article: hackread.com/notepad-updates-malware-hosting-breach/
-
January update shutdown bug affects more Windows PCs
Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-january-update-shutdown-bug-affects-more-windows-pcs/
-
Notepad++ Update Servers Hijacked in Targeted Supply Chain Attack
Attackers hijacked Notepad++ update servers to selectively deliver trojanized installers through a trusted update channel. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/notepad-update-servers-hijacked-in-targeted-supply-chain-attack/
-
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/notepad-update-hijacked/
-
Notepad++ hijacked by suspected state-sponsored hackers
In a security update posted on the project’s website, the development team said the attack did not exploit a flaw in the editor’s source code itself. Instead, the compromise occurred at the infrastructure level, involving systems used to deliver software updates. First seen on therecord.media Jump to article: therecord.media/popular-text-editor-hijacked-by-suspected-state-sponsored-hackers
-
Notepad++ update feature hijacked by Chinese state hackers for months
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/notepad-plus-plus-update-feature-hijacked-by-chinese-state-hackers-for-months/
-
Notepad++ update service hijacked in targeted state-linked attack
Breach lingered for months before stronger signature checks shut the door First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/notepad_plusplus_intrusion/
-
How state-sponsored attackers hijacked Notepad++ updates
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/2025-notepad-supply-chain-compromise/
-
How state-sponsored attackers hijacked Notepad++ updates
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/2025-notepad-supply-chain-compromise/
-
âš¡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage.Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt, and how fast attackers try to stay…
-
Notepad++: Staatliche Hacker kapern Update-Server monatelang
Über ein halbes Jahr lang gelang es staatlichen Hackern, die Kontrolle über die Update-Funktion von Notepad++ zu übernehmen. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/malware/notepad-staatliche-hacker-kapern-update-server-monatelang-325678.html
-
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. >>According to the…
-
Microsoft fixes bug causing password sign-in option to disappear
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-causing-password-sign-in-option-to-disappear/
-
Muss Motorola wirklich keine Updates für fünf Jahre bringen?
Immer wieder wird behauptet, dass Motorola eine schwammige Formulierung in der Ökodesign-Richtlinie der EU ausnutzt, um keine Updates zu liefern. Aber stimmt das? First seen on golem.de Jump to article: www.golem.de/news/android-muss-motorola-wirklich-keine-updates-fuer-fuenf-jahre-bringen-2602-204875.html
-
Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers
Notepad++ fell victim to a sophisticated supply chain attack orchestrated by state-sponsored threat actors who compromised its update infrastructure over a six-month campaign. Security experts have attributed the attack to a Chinese state-backed group based on the highly selective targeting and technical sophistication demonstrated throughout the incident. Attack Timeline and Scope The compromise began in…
-
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility’s update mechanism to redirect update traffic to malicious servers instead.”The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org,” developer Don Ho said. “The compromise occurred at the hosting First seen on thehackernews.com Jump…
-
Texteditor: Notepad++-Server gehackt und Update-Traffic manipuliert
Angreifern ist es gelungen, die Update-Infrastruktur von Notepad++ zu kompromittieren und Traffic umzuleiten. Der Entwickler entschuldigt sich. First seen on golem.de Jump to article: www.golem.de/news/texteditor-notepad-server-gehackt-und-update-traffic-manipuliert-2602-204876.html
-
Texteditor: Notepad++-Server gehackt und Update-Traffic manipuliert
Angreifern ist es gelungen, die Update-Infrastruktur von Notepad++ zu kompromittieren und Traffic umzuleiten. Der Entwickler entschuldigt sich. First seen on golem.de Jump to article: www.golem.de/news/texteditor-notepad-server-gehackt-und-update-traffic-manipuliert-2602-204876.html
-
Notepad++ Hijacked: State-Sponsored Actors Poisoned Updates for Months
Tags: updateThe post Notepad++ Hijacked: State-Sponsored Actors Poisoned Updates for Months appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/notepad-hijacked-state-sponsored-actors-poisoned-updates-for-months/
-
Update-Panne bei Microsoft: Auch Windows-10-Systeme lassen sich nicht runterfahren
Einige Windows-11-Systeme haben seit dem Januar-Patchday Probleme mit dem Shutdown. Jetzt gesteht Microsoft: Auch Windows 10 ist betroffen. First seen on golem.de Jump to article: www.golem.de/news/update-panne-bei-microsoft-auch-windows-10-systeme-lassen-sich-nicht-runterfahren-2602-204870.html
-
When responsible disclosure becomes unpaid labor
Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfaresupposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.Silent treatment and severity…
-
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems.”Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise First seen on thehackernews.com Jump to…
-
Optionales Januar Windows 11 erhält kleinere Neuerungen und Fehlerbehebungen
Das optionale Januar-Update für Windows 11 25H2 und 24H2 beinhaltet kleinere Neuerungen und behebt einige Fehler. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/optionales-januar-update-windows-11-erhaelt-kleinere-neuerungen-und-fehlerbehebungen.95989
-
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer’s resources to push malicious updates to downstream users.”On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the…