Attackers have hijacked the update mechanism of Notepad++, one of the world’s most popular open-source text editors, delivering malware to targeted users over a period of six months. In an advisory, developer Don Ho discussed how bad actors weaponized his two-decade-old project between June and December last year. An update said: “Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain the highly selective targeting observed during the campaign.” The attack employed infrastructure-level compromise that enabled bad actors to intercept and redirect update traffic destined for notepad-plus-plus.org. “The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic…
Kirsten Doyle
The Everest ransomware group has claimed responsibility for the breach against the global information management and storage firm Iron Mountain, stating that it stole approximately 1.4 terabytes of the firm’s internal and customer data. The claims were made through the group’s posts on dark web forums. The images provided by the attackers reveal that the names of several directories contain the names of potential customer accounts and organizational documents. The ransom demand deadline is set for 11 February. Currently, no official statements have been provided by the firm regarding the breach or its potential extent. Iron Mountain manages various types of information, including physical and digital, for a broad…
It’s Data Privacy Week, the annual international awareness initiative from the National Cybersecurity Alliance (NCA) aimed at empowering individuals and businesses to value individual privacy, safeguard data, and build trust. “Your online activities generate a treasure trove of data – from your interests to your purchases, as well as your online behaviors, and it is collected by websites, apps, devices, services, and companies across the globe, and can even include data about your physical self, such as health data,” the NCA says. This week, cybersecurity experts from many companies shared their data privacy and risk advice with us. Let’s hear what they had to say. Are…
Many organizations entering 2026 do not feel they have fallen behind in their overall cyber-readiness. In fact, several believe they are doing everything right. They now have a wide range of new tools, greater visibility into how their systems operate, an almost endless array of metrics to measure performance, and more compliance certifications than ever before. With all of this comes a great deal of confidence. Confidence, however, as this panel will demonstrate, is often used as a substitute for actual capability. The same pattern of overestimating one’s cyber-readiness continues across various sectors and industries. Security estates that appear to be robust in design and implementation,…
Security researchers at Miggo have disclosed a vulnerability in Google’s Gemini assistant that allowed a standard calendar invitation to be used as an attack vector, exposing private meeting data through a form of prompt injection that relied entirely on natural language. The issue was discovered by a research team led by Liad Eliyahu, head of research, and was responsibly disclosed to Google. The company confirmed the findings and has since mitigated the vulnerability, they said. The exploit shines a light on the emerging risks that come with AI-powered applications that deeply integrate with user data and productivity tools. “As application security professionals, we’re trained to spot malicious patterns. But…
ReliaQuest has investigated a phishing campaign that exploited private messages in social media to deliver weaponized files via DLL sideloading, as well as a legitimate, open-source Python pen-testing script. The company says the aim was more than likely to deploy a remote access trojan (RAT). This approach enables bad actors to bypass detection and scale their operations with little effort while maintaining persistent control over compromised systems. Once inside, malefactors can escalate privileges, move laterally across networks, and steal data. In the report, ReliaQuest threat intelligence analyst Emily Jia discussed an unusual tactic at the heart of this campaign: the execution of an open-source Python…
Luxshare Precision Industry, a major Chinese electronics manufacturer and key Apple supplier, is alleged to have been hit by a ransomware attack in December. Bad actors are claiming they encrypted company systems and exfiltrated sensitive data linked to multiple customers. R&D data samples were leaked as proof by RansomHouse. They said: “Dear management of Luxshare Precision Industry Co. Ltd. We were waiting for you for quite some time, but it seems your IT department decided to conceal the incident that took place in your company. We strongly recommend you to contact us to prevent your confidential data, projects documents from being leaked.” The dark web post claims stolen details include internal documentation and limited employee data, and…
Brightspeed, a US fiber broadband provider, began an internal cybersecurity investigation in early January after a cybercriminal group, Crimson Collective, said it accessed company systems and stole sensitive customer data affecting more than 1 million individuals. The allegation was made public on 4 January 2026 via Telegram. Screenshots and small data samples were shared as apparent proof, but their authenticity has not been confirmed. Brightspeed said it was reviewing the claims and would notify customers, employees, and authorities as more information becomes available. As of now, Brightspeed has not announced customer notifications, credit monitoring, compensation programs, or even confirmed data exfiltration or a compromise of…
More than 45M French records have been exposed in an open database more than likely compiled by malicious data collectors, reports Cybernews. Researchers said the database is a combination of data stolen in at least five breaches. It was exposed on a cloud server. Cybernews notified the server’s owners and helped take the archive down. The open database was filled with millions of French-language personal records, which seem to have been collected from multiple databases, Cybernews added. The repository appears to include a population registry, a healthcare professionals’ register, financial and KYC data, and automotive insurance CRM information. “Unlike traditional leaks caused by corporate misconfigurations, this exposure appears to be the work of a data broker or…
European travel company Eurail BV, also known as Interrail to EU residents, has suffered a data breach in its systems that led to unauthorized access to customer data. The organization initially announced the news on 10 January; however, affected customers, the number of which has not been disclosed, started receiving emails on 13 January. “Following the discovery, we immediately began work to secure our systems and initiated an investigation with the support of external cybersecurity specialists and legal advisors,” the company said. Interrail said it is taking the matter “very seriously” and is conducting a full investigation to determine the scope of the incident and its potential impact on customers. “The investigation is still ongoing,”…
