Notepad++ Hijacked Incident Update. WinGUp updates were selectively redirected. Learn how to verify signatures and safely upgrade to v8.9 or later. Since then, Notepad++ has significantly hardened the update process with signature and certificate checks.

Credential leak 149 million passwords in an unsecured, publicly accessible database. Key risks include credential stuffing, account takeovers, and identity fraud, plus practical steps to protect yourself.

Kimwolf Botnet: Threat via Residential Proxies. Kimwolf Botnet threatens enterprise networks by leveraging residential proxies. This enables it to scan local IP ranges from within home networks, increasing the risk that corporate and government environments may be indirectly affected. Research findings and telemetry data suggest a scale of more than 1.8 million to over 2 million compromised devices.

The VS Code Extension Malware “ClawdBot Agent” disguised itself as an AI coding assistant, fetched a remote configuration when VS Code started, and installed a preconfigured ConnectWise ScreenConnect client. This allowed attackers to establish persistent remote access to Windows systems.

Zero-Day Vulnerability – CVE-2026-21509 in Microsoft Office: Actively Exploited Security Feature Bypass – Facts, Updates, and Mitigations

CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to the KEV Catalog