Cybersecurity

Cybersecurity news covering vulnerabilities, threat intelligence, penetration testing, and security tooling trends from developer communities.

Articles from the last 30 days

01. Notepad++ hijacked by state-sponsored actors
Monday, February 2, 2026

A significant cybersecurity incident targeting Notepad++ has been disclosed, revealing a prolonged hijacking attempt by suspected Chinese state-sponsored hackers. Between June and December 2025, attackers compromised the application's shared hosting infrastructure to intercept and redirect update traffic. This allowed them to serve malicious update manifests to selected users by exploiting insufficient update verification controls in older versions of the software. The hosting provider implemented remediation steps by December 2, 2025, and Notepad++ has since migrated to a more secure hosting environment. To prevent future incidents, the WinGup updater was enhanced in v8.8.9 to verify digital certificates and signatures. Furthermore, the upcoming v8.9.2 release will enforce XMLDSig verification for update manifests, ensuring the integrity of the update process through multiple layers of authentication and cryptographic validation.

03. I Verified My LinkedIn Identity. Here's What I Handed Over
Monday, February 16, 2026

LinkedIn's identity verification process uses a third-party service called Persona, which collects extensive personal and biometric data, including facial geometry and passport scans. This data is shared with 17 subprocessors, mostly US-based AI and cloud companies, and may be used for AI training or accessed via the US CLOUD Act.

Sources: Hacker News, 1275 pts

04. GrapheneOS – Break Free from Google and Apple
Tuesday, February 17, 2026

The author details their migration from the Apple ecosystem to GrapheneOS on a Google Pixel 9a. They explore the system's focus on privacy and security, providing a practical guide on installation via web flasher, managing sandboxed Google services, using open-source app aggregators like Obtainium and Aurora Store, and configuring advanced user profiles and permissions.

Sources: Hacker News, 994 pts

05. Poison Fountain: An Anti-AI Weapon
Thursday, February 19, 2026

The Poison Fountain technique generates vast amounts of subtly incorrect data to protect against unauthorized web scraping. By injecting small errors into code, structured data, and prose, it creates a 'practically endless' stream of adversarial content that degrades the quality of datasets used for training machine learning models and artificial intelligence.

Sources: /r/programming, 858 pts

06. Mobile carriers can get your GPS location
Saturday, January 31, 2026

The article discusses how mobile carriers can bypass standard cell tower triangulation to obtain precise GNSS location data from devices. Using control-plane protocols like RRLP in 2G/3G and LPP in 4G/5G, carriers can silently request a phone's exact GPS coordinates without user knowledge. This capability has been historically exploited by law enforcement and intelligence agencies for surveillance and contact tracing. While Apple introduced a privacy feature in iOS 26.3 to limit location data sharing with cellular networks, it requires specific in-house modem hardware. The author argues that telecom infrastructure remains a significant vector for mass surveillance and calls for greater user control over these hidden positioning protocols.

07. Discord/Twitch/Snapchat age verification bypass
Wednesday, February 11, 2026

Security researchers xyzeva and Dziurwa developed an open-source bypass for Discord's k-id age verification system. By reverse-engineering the AES-GCM encryption and replicating face-prediction metadata, the script tricks the FaceAssure API into verifying users as adults globally without requiring a real face scan, exploiting a lack of server-side validation for encrypted biometric data.

Sources: Hacker News, 823 pts

08. I found a Vulnerability. They found a Lawyer
Friday, February 20, 2026

A platform engineer and diving instructor discovered a critical security vulnerability in a major diving insurer's member portal. The system used sequential user IDs and static default passwords, exposing sensitive personal data, including information on minors. Despite responsible disclosure to authorities, the insurer responded with legal threats and non-disclosure demands rather than expressing gratitude.

09. Windows Notepad App Remote Code Execution Vulnerability
Wednesday, February 11, 2026

The CVE (Common Vulnerabilities and Exposures) website provides a public catalog of cybersecurity vulnerabilities. It requires JavaScript for full functionality. The system helps IT professionals and researchers identify, define, and catalog disclosed cybersecurity flaws to improve global system security and risk management.

10. Never Buy A .online Domain
Wednesday, February 25, 2026

A developer's experiment with a free .online TLD resulted in a permanent lockout due to a 'serverHold' status. Triggered by a Google Safe Browsing flag, the domain entered a Catch-22: the registry required Google to lift the flag, but Google required DNS verification which was impossible since the domain would not resolve.

Sources: Hacker News, 728 pts

11. Turn Dependabot Off
Friday, February 20, 2026

Filippo Valsorda argues against using Dependabot due to excessive false positives, particularly in the Go ecosystem. He recommends replacing it with govulncheck and scheduled GitHub Actions. This approach uses reachability analysis to filter out irrelevant security alerts, and he suggests testing against the latest dependencies in CI without immediate, noisy version-bump pull requests.

12. how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds
Thursday, February 19, 2026

Security researchers exposed a massive surveillance infrastructure involving OpenAI and Persona, linked to US government agencies like ICE. By analyzing leaked source maps from a FedRAMP-authorized endpoint, they uncovered a system performing 269 verification checks, facial recognition against world leaders, and direct filing of Suspicious Activity Reports to FinCEN and FINTRAC.

14. Wikipedia deprecates Archive.today, starts removing archive links
Friday, February 20, 2026

Wikipedia editors have reached a consensus to blacklist and remove nearly 700,000 links to Archive.today. The decision follows revelations that the site orchestrated a DDoS attack against a blogger and manipulated archived snapshots. Citing unreliability and malicious behavior, Wikipedia will transition to alternative services like Internet Archive to maintain source verifiability.

15. Recreating Epstein PDFs from raw encoded attachments
Wednesday, February 4, 2026

The Department of Justice (DoJ) release of the Epstein archives has been criticized for numerous technical failures, including poor redaction, broken search functionality, and corrupted encoding. A significant oversight discovered in the dump is the inclusion of raw base64-encoded email attachments. While the DoJ attempted to censor the archives, they inadvertently left pages of hex and base64 string data visible in the document scans. This article explores the technical challenge of reconstructing a PDF attachment (a benefit invitation) from 76 pages of low-quality, OCR-unfriendly Courier New text. The author documents failed attempts using Tesseract and Adobe Acrobat, and provides a partially successful workflow using poppler-utils and AWS Textract. The primary difficulty lies in the phonetic and visual ambiguity of characters like '1' and 'l' within JPEG-compressed scans, presenting a unique digital forensics challenge for the open-source community.

16. My smart sleep mask broadcasts users' brainwaves to an open MQTT broker
Thursday, February 12, 2026

A security researcher used Claude to reverse-engineer a smart sleep mask's Bluetooth protocol and Android APK. The analysis revealed hardcoded MQTT credentials shared across all devices, exposing live EEG brainwave data from active users and allowing unauthorized remote control of hardware features like electrical muscle stimulation (EMS), highlighting significant IoT security risks.

Sources: Hacker News, 579 pts

17. Email is tough: Major European Payment Processor's Emails rejected by GWorkspace
Thursday, February 12, 2026

Major European payment processor Viva.com is facing issues sending verification emails to Google Workspace users. The emails lack a Message-ID header, violating RFC 5322 standards and causing Google's servers to bounce them. Despite detailed technical bug reports, support services dismissed the issue, highlighting reliability concerns within European fintech infrastructure compared to platforms like Stripe.

Sources: Hacker News, 558 pts

18. The Day the Telnet Died
Tuesday, February 10, 2026

In January 2026, GreyNoise analysts observed a sudden and dramatic 65% drop in global Telnet traffic within a single hour, which eventually settled at an 83% reduction from the baseline. This structural shift preceded the public disclosure of CVE-2026-24061, a critical authentication bypass vulnerability in GNU Inetutils telnetd that allows unauthenticated root access via a simple argument injection. The data suggests that major Tier 1 transit providers likely implemented port 23 filtering on backbone infrastructure in anticipation of the vulnerability's disclosure. This proactive infrastructure-level response significantly impacted residential and enterprise ISPs while leaving major cloud providers with direct peering largely unaffected. The incident highlights a potential shift in how global network operators coordinate to mitigate high-impact security risks at the routing level before they can be exploited at scale.

19. FBI couldn't get into WaPo reporter's iPhone because Lockdown Mode enabled
Wednesday, February 4, 2026

A recent FBI court filing has highlighted the effectiveness of Apple's Lockdown Mode, a security feature that successfully prevented federal investigators from extracting data from a Washington Post reporter's iPhone. During an investigation into classified leaks, the FBI's Computer Analysis Response Team (CART) found that the iPhone 13 belonging to Hannah Natanson was inaccessible due to this hardened security state. While the FBI was able to access her MacBook Pro using Touch ID, the iPhone remained protected. Lockdown Mode is designed to mitigate sophisticated spyware by limiting message attachments, web functionality, and physical accessory connections. This case demonstrates that the feature is also a formidable barrier against physical forensic tools like Graykey and Cellebrite, which require an unlocked connection to exploit system vulnerabilities. The incident underscores the ongoing technical struggle between consumer electronics companies and law enforcement agencies seeking digital access.

Sources: Hacker News, 492 pts

20. Dark web agent spotted bedroom wall clue to rescue girl from abuse
Monday, February 16, 2026

A US Homeland Security investigator rescued a girl from years of abuse by identifying specific clues in dark web images. Despite digital untraceability, the team traced a unique sofa and specific 'Flaming Alamo' bricks to a regional location. This specialized detective work highlights the importance of manual forensic analysis over automated technology in solving complex cases.

Sources: Hacker News, 490 pts