
Notepad++ Hijacked by State-Sponsored Hackers

Notepad++'s update traffic was hijacked by a likely state-sponsored actor, thought to be Chinese, between June and December 2025. The former hosting provider has confirmed that its server was breached, which is what allowed the attackers to redirect Notepad++ update checks. The problems on the hosting side were addressed and the site was migrated to a more secure host by December 2, 2025. Users are advised to update manually and to install v8.9.1, which ships with hardening of the update path. The investigation did not turn up specific indicators of compromise that users can check for.

https://notepad-plus-plus.org/news/hijacked-incident-info-update/

Notepad Hijacked

Notepad++'s update servers were compromised by a likely Chinese state-sponsored group from June to December 2025. Because the updater did not adequately validate what it downloaded, attackers who could intercept update traffic were able to redirect users to malicious binaries. Since the breach, Notepad++ has tightened validation of update packages and plans to sign the update manifest with XMLDSig, so that a compromised or redirected server can no longer feed clients a forged one.

https://cybersecuritynews.com/notepad-hijacked/
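As an added illustration of the validation gap described above (example code written for this digest, not Notepad++'s or WinGUp's own), the Go program below contrasts an updater that trusts whatever manifest the server returns with one that pins a signing key in the client, checks a detached Ed25519 signature over the exact manifest bytes, and then checks the SHA-256 digest of the installer before anything is executed. The manifest format, key, URLs and installer bytes are all constructed for the example; the project's stated direction is XMLDSig over its update XML, and Ed25519 stands in here only because Go's standard library makes the example self-contained.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/xml"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor for this example; it is not WinGUp's real format.
type Manifest struct {
	XMLName xml.Name `xml:"update"`
	Version string   `xml:"version"`
	URL     string   `xml:"url"`
	SHA256  string   `xml:"sha256"` // hex digest of the installer the client is told to fetch
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against the pinned key")
	ErrBadDigest    = errors.New("downloaded package digest does not match the manifest")
)

// WeakFetch models the failure mode: the client believes whatever the update server returns.
// A breached host can therefore send every client to an attacker-controlled binary.
func WeakFetch(manifestXML []byte) (Manifest, error) {
	var m Manifest
	err := xml.Unmarshal(manifestXML, &m)
	return m, err
}

// StrictFetch is the hardened pattern: a detached signature over the exact manifest bytes is
// checked with a public key compiled into the client (a server breach cannot forge it), and the
// package bytes are hashed and compared with the manifest before anything is executed.
func StrictFetch(pub ed25519.PublicKey, manifestXML, sig, pkg []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pub, manifestXML, sig) {
		return m, ErrBadSignature
	}
	if err := xml.Unmarshal(manifestXML, &m); err != nil {
		return m, err
	}
	sum := sha256.Sum256(pkg)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return m, ErrBadDigest
	}
	return m, nil
}

// buildManifest renders the XML with the digest of pkg filled in.
func buildManifest(version, url string, pkg []byte) []byte {
	sum := sha256.Sum256(pkg)
	return []byte(fmt.Sprintf(
		"<update><version>%s</version><url>%s</url><sha256>%s</sha256></update>",
		version, url, hex.EncodeToString(sum[:])))
}

// RunScenarios replays three situations a client can meet and returns StrictFetch's verdict for
// each, plus the URL a WeakFetch client would have downloaded from a hostile server.
func RunScenarios() (verdicts map[string]error, weakURL string) {
	// Constructed key material with a fixed seed so the run is reproducible; never do this for real.
	priv := ed25519.NewKeyFromSeed([]byte("example-seed-for-update-signing!")) // 32 bytes
	pub := priv.Public().(ed25519.PublicKey)

	genuinePkg := []byte("constructed bytes of the genuine installer")
	genuineManifest := buildManifest("8.9.1", "https://updates.example.invalid/npp.exe", genuinePkg)
	sig := ed25519.Sign(priv, genuineManifest)

	// An attacker on a breached host swaps the package and rewrites the manifest to match it, but
	// has no signing key, so the only signature they can serve is the stale one.
	evilPkg := []byte("constructed bytes of a trojanised installer")
	evilManifest := buildManifest("8.9.1", "https://cdn.attacker.invalid/npp.exe", evilPkg)

	verdicts = map[string]error{}
	_, verdicts["genuine update"] = StrictFetch(pub, genuineManifest, sig, genuinePkg)
	_, verdicts["forged manifest"] = StrictFetch(pub, evilManifest, sig, evilPkg)
	_, verdicts["swapped package"] = StrictFetch(pub, genuineManifest, sig, evilPkg)

	weak, _ := WeakFetch(evilManifest)
	return verdicts, weak.URL
}

func main() {
	verdicts, weakURL := RunScenarios()
	for _, name := range []string{"genuine update", "forged manifest", "swapped package"} {
		fmt.Printf("strict client, %-16s -> %v\n", name, verdicts[name])
	}
	fmt.Println("weak client would download:", weakURL)
}
```

The point the three scenarios make is that the signature has to cover the manifest and the manifest has to commit to the package digest: with only a digest in an unsigned manifest, a breached host rewrites both; with only a signature on the manifest and no digest, the host serves the genuine manifest alongside a swapped binary. The key is pinned in the client precisely so that the server holds nothing an attacker could use to re-sign.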

Can’t Stop, Won’t Stop: TA584 Innovates Initial Access

TA584 is a prolific threat actor tracked by Proofpoint and known for rapidly changing its initial-access tradecraft. Over 2025 it adopted ClickFix social engineering, broadened the regions it targets, and introduced new malware, including Tsundere Bot. Its campaign tempo rose sharply, roughly tripling its monthly campaign count by year's end, with short-lived campaigns and a wide mix of delivery methods. This is a clear break from its earlier patterns and shows how quickly the group adapts to defenders.

https://www.proofpoint.com/us/blog/threat-insight/cant-stop-wont-stop-ta584-innovates-initial-access

Aisuru Botnet Sets New Record With 31.4 Tbps DDoS Attack

The Aisuru botnet set a new record with a 31.4 Tbps DDoS attack aimed at telecoms and IT firms. Cloudflare, which mitigated the "Night Before Christmas" attack, says it peaked at 200 million packets per second. Built from compromised consumer devices, Aisuru is a major contributor to the wider surge, with DDoS attacks up 121% over 2025.

https://www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/

Clawdbot’s Rename to Moltbot Sparks Impersonation Campaign

The AI assistant Clawdbot was renamed Moltbot over a trademark issue, and attackers moved on the transition immediately: they registered typosquat domains and stood up a cloned GitHub repository that, for now, carries unmodified code, positioning themselves for a later supply-chain attack. No malware has been served yet, but the play relies on accumulated trust, putting users' API keys and data at risk over time. Users should verify sources and stay sceptical during a rename; maintainers should register the obvious lookalike domains up front and manage renames carefully.

https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign
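The following Go program is an added example (not Malwarebytes' or the Moltbot project's code) of the check a maintainer can run before and during a rename: it generates the lookalike labels an attacker is likely to register for both the old and the new name, and flags observed domains whose first label matches one. The homoglyph table and the observed domain list are constructed for the example; a real run would feed the candidates into DNS or a certificate-transparency search rather than a static list.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// lookalikes maps a letter to substitutions that read the same at a glance (constructed, small set).
var lookalikes = map[rune][]string{
	'o': {"0"}, 'l': {"1", "i"}, 'i': {"1", "l"}, 'a': {"4"}, 'e': {"3"}, 's': {"5"},
	'm': {"rn", "n"}, 'w': {"vv"}, 'd': {"cl"},
}

// Candidates returns the lookalike labels an attacker is likely to register for a brand name:
// one-character omissions, repetitions, adjacent transpositions, homoglyph swaps and hyphen
// insertions. The exact name itself is excluded because it is the legitimate one.
func Candidates(name string) []string {
	name = strings.ToLower(name)
	r := []rune(name)
	seen := map[string]bool{}
	add := func(s string) {
		if s != "" && s != name {
			seen[s] = true
		}
	}
	for i := range r {
		add(string(r[:i]) + string(r[i+1:])) // omission
		add(string(r[:i+1]) + string(r[i:])) // repetition
		if i+1 < len(r) {                    // transposition of neighbours
			add(string(r[:i]) + string(r[i+1]) + string(r[i]) + string(r[i+2:]))
		}
		for _, g := range lookalikes[r[i]] { // homoglyph swap
			add(string(r[:i]) + g + string(r[i+1:]))
		}
		if i > 0 { // hyphen insertion
			add(string(r[:i]) + "-" + string(r[i:]))
		}
	}
	out := make([]string, 0, len(seen))
	for s := range seen {
		out = append(out, s)
	}
	sort.Strings(out)
	return out
}

// Match reports which observed domains have a first label that squats one of the brands.
// The result maps domain -> brand it imitates; exact brand labels are never reported.
func Match(observed []string, brands ...string) map[string]string {
	index := map[string]string{}
	for _, b := range brands {
		for _, c := range Candidates(b) {
			index[c] = strings.ToLower(b)
		}
	}
	hits := map[string]string{}
	for _, d := range observed {
		label := strings.ToLower(strings.SplitN(d, ".", 2)[0])
		if b, ok := index[label]; ok {
			hits[d] = b
		}
	}
	return hits
}

// Observed is a constructed stand-in for new registrations seen in a zone-file or CT feed.
var Observed = []string{"moltbot.com", "clawdbot.com", "moltb0t.com", "motlbot.com", "clawbot.com", "example.com"}

func main() {
	hits := Match(Observed, "moltbot", "clawdbot")
	domains := make([]string, 0, len(hits))
	for d := range hits {
		domains = append(domains, d)
	}
	sort.Strings(domains)
	for _, d := range domains {
		fmt.Printf("%-14s imitates %s\n", d, hits[d])
	}
}
```

Running both the old and the new name through Match is the point during a rename: users who still type or search for the old name are exactly the audience a squatter of the old name is after, so the old name needs watching for as long as the redirect is in place.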

Critical WhisperPair Flaw Lets Hackers Track, Eavesdrop Via Bluetooth Audio Devices

Security researchers found a critical flaw, dubbed "WhisperPair", in Google's Fast Pair protocol as implemented by many Bluetooth audio devices; it lets an attacker hijack the device to track and eavesdrop on its owner. Because the problem sits in the device's own implementation rather than in the phone, it affects users regardless of smartphone OS: the flawed implementation accepts pairing from an unauthorized party, which the researchers demonstrated from up to 14 metres away, after which the attacker controls the device. Google paid the researchers $15,000, but firmware fixes are still pending for many products, and users need to install them as they become available to close the hole.

https://www.bleepingcomputer.com/news/security/critical-whisperpair-flaw-lets-hackers-track-eavesdrop-via-bluetooth-audio-devices/

Inside RedVDS: How a Single Virtual Desktop Provider Fueled Worldwide Cybercriminal Operations

Microsoft Threat Intelligence describes how RedVDS, a virtual desktop (VDS) provider, underpinned cybercrime worldwide: it sold cheap, anonymous access to cloned Windows servers, paid for in cryptocurrency, which criminals combined with mass-mailing tools and VPNs to run phishing and fraud campaigns while hiding their tracks. Microsoft's investigation led to takedowns of RedVDS infrastructure and found that the tooling behind the phishing campaigns was basic. The provider's structure, payment model and way of operating let criminal operations scale, producing significant fraud losses across several countries, and Microsoft calls for greater vigilance against providers of this kind.

https://www.microsoft.com/en-us/security/blog/2026/01/14/inside-redvds-how-a-single-virtual-desktop-provider-fueled-worldwide-cybercriminal-operations/

Exclusive: Beijing Tells Chinese Firms to Stop Using US and Israeli Cybersecurity Software, Sources Say

Beijing has told Chinese firms to stop using products from more than a dozen U.S. and Israeli cybersecurity vendors on national-security grounds and to move to domestic alternatives, amid ongoing trade tensions. Vendors named include Palo Alto Networks, CrowdStrike and Check Point. The directive fits China's broader push to replace Western technology and to reduce what it sees as its exposure to hacking.

https://www.reuters.com/world/china/beijing-tells-chinese-firms-stop-using-us-israeli-cybersecurity-software-sources-2026-01-14/

Why Attackers Are Phishing on LinkedIn (and How to Stop It)

Phishing has expanded beyond email to social media and messaging platforms, and LinkedIn is particularly effective ground for it: the platform carries professional trust and makes targets easy to identify. LinkedIn phishing is rising because traditional email security controls do not cover direct messages, so attackers can reach high-value targets without passing through a mail gateway. To reduce the risk, treat LinkedIn messages with the same suspicion as email, verify requests over a separate channel, enforce multi-factor authentication, and extend phishing training to cover channels other than email.

https://www.pandasecurity.com/en/mediacenter/why-attackers-are-phishing-on-linkedin-and-how-to-stop-it/

Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns

GoBruteforcer is a modular botnet that brute-forces credentials on Linux servers, going after FTP, MySQL and PostgreSQL services with common usernames and the weak or default passwords found in AI-generated server configurations. Over 50,000 servers may be affected. Its campaigns favour databases tied to cryptocurrency. The bot has two parts: an IRC client for command and control and a brute-forcer that runs the password attacks. It thrives on widespread internet exposure and legacy software, in particular misconfigured bundles such as XAMPP, and it updates itself dynamically to extend its reach while concentrating on specific sectors such as crypto-related services, exposing significant gaps in server security.

https://research.checkpoint.com/2026/inside-gobruteforcer-ai-generated-server-defaults-weak-passwords-and-crypto-focused-campaigns/
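To make the detection side concrete, the Go program below (added here; it is not Check Point's code and has nothing from the botnet in it) parses constructed MySQL 8 and vsftpd log lines, groups authentication failures by source address across both services, and alerts on any source that produces a burst of failures inside a sliding window, noting which of the usernames it tried are stock service defaults. The log line shapes follow the two servers' standard formats, but the lines themselves and the default-username list are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Alert is raised for a source whose failures inside one window reach the threshold.
type Alert struct {
	Source   string
	Failures int      // all failures seen from this source
	Users    []string // distinct usernames tried, sorted
	Defaults []string // the subset of Users that are stock service defaults
}

// Usernames that ship as service defaults or fill boilerplate setup guides (constructed list).
var defaultUsers = map[string]bool{"root": true, "admin": true, "mysql": true, "postgres": true, "ftp": true, "anonymous": true}

// Line shapes handled: MySQL 8 error-log "Access denied" lines and vsftpd "FAIL LOGIN" lines.
var mysqlRe = regexp.MustCompile(`^(\S+) \d+ \[\w+\] \[MY-\d+\] \[Server\] Access denied for user '([^']*)'@'([^']+)'`)
var vsftpdRe = regexp.MustCompile(`^(.{24}) \[pid \d+\] \[([^\]]*)\] FAIL LOGIN: Client "([^"]+)"`)

// ParseLine pulls (timestamp, username, source address) out of a failure line; ok is false
// for any line that is not an authentication failure in one of the two formats.
func ParseLine(line string) (when time.Time, user, source string, ok bool) {
	if m := mysqlRe.FindStringSubmatch(line); m != nil {
		if t, err := time.Parse(time.RFC3339Nano, m[1]); err == nil {
			return t, m[2], m[3], true
		}
	}
	if m := vsftpdRe.FindStringSubmatch(line); m != nil {
		if t, err := time.Parse(time.ANSIC, m[1]); err == nil {
			return t, m[2], m[3], true
		}
	}
	return time.Time{}, "", "", false
}

// burstsWithin reports whether some threshold failures all fall inside one span of length
// window, so two typos an hour apart never trip it but a spray over a few seconds does.
func burstsWithin(ts []time.Time, window time.Duration, threshold int) bool {
	sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
	for i := 0; i+threshold-1 < len(ts); i++ {
		if ts[i+threshold-1].Sub(ts[i]) <= window {
			return true
		}
	}
	return false
}

// Detect groups failures by source address across both services (a sprayer hits every port it
// finds open) and alerts on any source that bursts past the threshold.
func Detect(lines []string, window time.Duration, threshold int) []Alert {
	times := map[string][]time.Time{}
	users := map[string]map[string]bool{}
	for _, l := range lines {
		if t, user, src, ok := ParseLine(l); ok {
			times[src] = append(times[src], t)
			if users[src] == nil {
				users[src] = map[string]bool{}
			}
			users[src][user] = true
		}
	}
	var alerts []Alert
	for src, ts := range times {
		if !burstsWithin(ts, window, threshold) {
			continue
		}
		a := Alert{Source: src, Failures: len(ts)}
		for u := range users[src] {
			a.Users = append(a.Users, u)
			if defaultUsers[u] {
				a.Defaults = append(a.Defaults, u)
			}
		}
		sort.Strings(a.Users)
		sort.Strings(a.Defaults)
		alerts = append(alerts, a)
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Source < alerts[j].Source })
	return alerts
}

// SampleLines are constructed, not captured: one sprayer working both services, and one user
// who mistyped a password twice, 45 minutes apart.
var SampleLines = []string{
	`2026-01-10T12:00:01.000000Z 12 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.5' (using password: YES)`,
	`2026-01-10T12:00:02.000000Z 13 [Note] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.5' (using password: YES)`,
	`2026-01-10T12:00:03.000000Z 14 [Note] [MY-010926] [Server] Access denied for user 'mysql'@'203.0.113.5' (using password: YES)`,
	`Sat Jan 10 12:00:04 2026 [pid 2] [ftp] FAIL LOGIN: Client "203.0.113.5"`,
	`Sat Jan 10 12:00:05 2026 [pid 2] [anonymous] FAIL LOGIN: Client "203.0.113.5"`,
	`Sat Jan 10 12:00:06 2026 [pid 2] [test] FAIL LOGIN: Client "203.0.113.5"`,
	`2026-01-10T12:30:00.000000Z 20 [Note] [MY-010926] [Server] Access denied for user 'alice'@'198.51.100.7' (using password: YES)`,
	`2026-01-10T13:15:00.000000Z 21 [Note] [MY-010926] [Server] Access denied for user 'alice'@'198.51.100.7' (using password: YES)`,
}

func main() {
	for _, a := range Detect(SampleLines, 5*time.Minute, 5) {
		fmt.Printf("%s: %d failures, users=%v, defaults=%v\n", a.Source, a.Failures, a.Users, a.Defaults)
	}
}
```

Correlating across services is what separates this from a per-service lockout: the sprayer above would stay under a per-service threshold of five on both MySQL and FTP, yet the combined burst from one address, spread over six usernames, five of them defaults, is unmistakable. Both log formats carry UTC timestamps here; if a deployment logs vsftpd in local time, convert before comparing.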

Venezuela Strike Marks a Turning Point for US Cyber Warfare

U.S. President Trump and Gen. Dan Caine revealed that the U.S. used cyber capabilities to disrupt Venezuela during the military operation against Maduro, an unusually public acknowledgement of U.S. cyber warfare. The strikes involved extensive planning and coordination among military units. Details of the execution are thin, but reports describe a blackout in Caracas coinciding with the events and systems disrupted to hinder Venezuela's defences. The operation marks a shift towards integrating cyber operations into military campaigns, though some experts warn that saying too much about them reveals U.S. capabilities.

https://www.politico.com/news/2026/01/07/venezuela-us-cyber-warfare-00713507

Crypto Investors Face Violent Home Robberies

Surging interest in cryptocurrency has brought a spike in violent home invasions and kidnappings aimed at small-time investors. Julia Goodwin, a wealthy retiree, was confronted in her home by armed intruders demanding access to her crypto holdings, after she had already lost a large sum to an online hack. The cases reflect a broader trend of criminals moving from digital theft to physical attacks, often brutal ones. More than 215 physical crypto-related assaults have been reported since 2020, and the targets are increasingly ordinary holders rather than high-profile figures, as thieves adapt to the particular vulnerabilities that come with owning digital assets.

https://www.bloomberg.com/features/2026-crypto-thieves-kidnappers/?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR2lmdGVkQXJ0aWNsZSIsImlhdCI6MTc2NzM3MDQ4OCwiZXhwIjoxNzY3OTc1Mjg4LCJhcnRpY2xlSWQiOiJUODhWNEFLR0lGU0kwMCIsImJjb25uZWN0SWQiOiJFN0UyN0Q2RDgyQjc0MEQzQTQzNkUzN0Y2ODE5MUNEMyJ9.gyY_IKMmtzAFYwqMBE48BWey6a0cRDPgL2J3QHfIvmU

Cryptographic Provenance of C2PA Ain’t Gonna Stop Deepfakes

C2PA's cryptographic signing of media files will not stop deepfakes, whatever its proponents claim. The scheme lacks what would make it work: mandatory adoption, a way for viewers to actually perceive the provenance signal, and perceptual training that lets people judge authenticity for themselves. Bores' HTTPS analogy highlights the trust and enforcement problems but skips past the deeper human difficulty of recognising deceptive content. Perceptual training, not cryptography, is what equips people to navigate misinformation.

https://www.flyingpenguin.com/?p=75448

Threat Actor Landscape: What Every CISO Must Know to Stay Ahead

Advice for CISOs: use threat intelligence to tailor defences. Adversaries choose their tactics by industry, so defences have to adapt in kind. Each key sector faces its own threat profile, which calls for a robust intelligence programme that informs strategy, surfaces emerging risks and trains teams effectively. Regular briefings keep executives aligned with the evolving threat picture.

https://www.techradar.com/pro/threat-actor-landscape-what-every-ciso-must-know-to-stay-ahead

How the Human Harms of Cybercrime Shook the World in 2025

Cyberattacks in 2025 caused severe human harm: the first confirmed death linked to a ransomware disruption of healthcare, and unsettling misuse of personal data, such as the leaking of preschoolers' information. Major corporate attacks, such as the one on Jaguar Land Rover, had heavy economic consequences and spread fear among employees. Violence associated with cybercrime surged, including kidnappings and threats made during negotiations, raising concerns about where the trend leads. Alongside this, scams such as AI-powered virtual kidnappings evolved and emergency alert systems were disrupted, underlining cybercrime's profound impact on society.

https://www.theregister.com/2025/12/28/death_torture_and_amputation_how/
