Technology

Notepad++ update server hijacked in targeted attacks — outfit claims Chinese state-sponsored hackers may be to blame

Source

Tom's Hardware

Published

Feb 3, 2026

TL;DR

AI Generated

The Notepad++ update server was compromised in a targeted supply chain attack, potentially by a Chinese state-sponsored group, redirecting specific users to malicious installers through the editor's updater. The attackers gained control to manipulate update requests and deliver trojanized installers. Notepad++ confirmed that users who downloaded installers from the official website were not affected, and the compromise was linked to the Chinese espionage group Lotus Blossom by Rapid7. Stricter validation checks have been implemented to prevent future unauthorized updates, and users are advised to upgrade to the latest release for enhanced security measures.

Read Full Article

Linux exploit instantly grants administrator access on most distributions since 2017 — cryptography optimization snafu grants root privileges to local users

A recent Linux exploit, CVE-2026-31431, allows local unprivileged users to gain root access instantly on most Linux distributions since 2017. The exploit affects popular distros like Ubuntu, RHEL, Suse, and Amazon Linux, as well as Windows' WSL2. The vulnerability, discovered by Xint Code researchers, involves a cryptography optimization flaw that grants administrator privileges through a devious attack on the AF_ALG socket. While a patch has been released, some distributions may still be vulnerable, requiring mitigation methods like disabling AF_ALG sockets. The exploit occurs in memory without leaving detectable traces on disk, making it challenging to detect with security software.

Tom's Hardware•

8 hours ago

The most severe Linux threat to surface in years catches the world flat-footed

A critical Linux vulnerability, named CopyFail (CVE-2026-31431), has been disclosed by security researchers, allowing unprivileged users to gain root access across various Linux distributions. The exploit code, released by Theori, works universally without modification, posing a significant threat to data centers and personal devices. While the Linux kernel security team patched the vulnerability in several versions, many distributions had not yet implemented the fixes at the time of the exploit's release. This flaw enables attackers to execute malicious activities like hacking multi-tenant systems and creating backdoors, emphasizing the severity of the issue.

Ars Technica•

22 hours ago

Crucial Taiwan undersea cable severed by old shipwreck — backup microwave communications activated to keep population connected

A shipwreck off Dongyin island in Taiwan has severed the undersea cable connecting it to Beigan Island, prompting the activation of backup microwave communications to maintain connectivity for the 1,500 residents. The Matsu Islands' strategic location near mainland China and the Taiwan Strait makes them crucial for Taiwan's military presence. While this incident was due to natural causes, it underscores Taiwan's vulnerability in its global connections. Recent suspicions of deliberate undersea cable damage by Chinese ships have led Taiwan to increase defensive measures and penalties for sabotage attempts. Despite wireless backups, physical undersea cables remain essential for reliable and high-bandwidth internet connections.

Tom's Hardware•

1 day ago

With $1 Cyberattacks on the Rise, Durable Defenses Pay Off

As cyberattacks that cost as little as $1 become more prevalent, the importance of robust cybersecurity defenses is highlighted. The article emphasizes the significance of writing memory-safe code over relying solely on patching vulnerabilities. Experts Evan Johnson and Justin Cappos from New York University stress the need for durable defenses in the face of rapid and powerful cyberattacks facilitated by large language models like Anthropic’s Claude Mythos. They suggest that a comprehensive approach beyond generative AI is essential for effective cyberdefense.

IEEE Spectrum•