Aggregator

The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophisticated supply chain attack that remained undetected for several months. According to the official statement, attackers gained unauthorized access through a hosting provider-level incident […]

The post Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware appeared first on Cyber Security News.

ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops

A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works.

GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure […]

俄罗斯安全公司卡巴斯基发表了 Notepad++ 去年遭受供应链攻击的分析报告。安全研究人员发现，攻击者在 2025 年 7-10 月之间使用了三条感染链攻击十几台电脑，这些电脑属于：越南、萨尔瓦多和澳大利亚的个人；菲律宾的一家政府机构；萨尔瓦多的一家金融机构；越南的一家 IT 服务提供商。攻击者在 2025 年 7 月下旬首次部署了 Notepad++ 的恶意更新程序。恶意程序由合法的 Notepad++ 更新程序 GUP.exe 启动，启动之后会向攻击者发送包含系统信息的“心跳（heartbeat）”包，随后开始执行第二阶段的负荷。

Submit #742676 / VDB-344270

Submit #742671 / VDB-344269

Submit #742670 / VDB-344268

Submit #742666 / VDB-344267

Submit #742663 / VDB-344266

Submit #742662 / VDB-344265

The chatbot era has ended. For two years, we’ve interacted with digital assistants that summarize emails and suggest recipes, but the National Institute of Standards and Technology (NIST) now draws a definitive line between machines that talk and machines that act. Their newly released Request for Information (RFI) signals a fundamental paradigm shift in how..

The post Beyond the Chatbot: Why NIST is Rewriting the Rules for Autonomous AI appeared first on Security Boulevard.

A sophisticated malware campaign has surfaced where threat actors are distributing the ValleyRAT backdoor disguised as a legitimate installer for the popular messaging application, LINE. This targeted attack primarily focuses on Chinese-speaking users, leveraging a deceptive executable to infiltrate systems and compromise sensitive login credentials. The malware employs a complex loading chain involving shellcode execution […]

The post ValleyRAT Mimic as LINE Installer Attacking Users to Steal Login Details appeared first on Cyber Security News.

Submit #742633 / VDB-344264

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. [...]

A vulnerability was found in Foxit Reader 12.1.3.15356 and classified as critical. This affects an unknown function of the component Javascript saveAs API. Executing a manipulation can lead to file inclusion. This vulnerability is handled as CVE-2023-39542. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Foxit Reader 12.1.3.15356. Affected by this issue is some unknown functionality of the component Javascript exportDataObject API. Such manipulation leads to file inclusion. This vulnerability is referenced as CVE-2023-40194. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Foxit Reader 12.1.3.15356. It has been declared as critical. Affected is an unknown function of the component Javascript exportDataObject API. The manipulation results in file inclusion. This vulnerability was named CVE-2023-35985. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Foxit Reader 12.1.3.15356. It has been classified as critical. This impacts an unknown function of the component 3D Annotation Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-32616. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.