Notepad++ Supply Chain Attack by Chinese APT; Russian Group Exploits Office Zero-Day

Chinese State-Sponsored Group Lotus Blossom Compromises Notepad++ Update Infrastructure

The maintainers of the widely-used Notepad++ text editor have disclosed a major supply chain attack that compromised their update infrastructure for six months in 2025. The attack, attributed to the Chinese espionage group Lotus Blossom (Billbug), involved hijacking update requests to selectively deliver a custom backdoor named 'Chrysalis' and other malware like Cobalt Strike to a targeted set of organizations. Victims were primarily located in Southeast Asia and included government and financial entities, highlighting a sophisticated, long-running espionage campaign.

supply chainespionageAPTbackdoorcode signing +1 more

7 min read

Notepad++ Update Mechanism Hijacked in 6-Month Supply Chain Attack by Chinese APT

Qilin Ransomware Claims Breach of Tulsa International Airport, Leaks Data

Russian Ransomware Group Qilin Lists Tulsa International Airport as Victim

The Russian-affiliated Qilin ransomware group has claimed responsibility for a cyberattack against Tulsa International Airport. The group has listed the airport on its data leak site, alleging the theft of sensitive data including financial records and employee information. While airport operations reportedly remain unaffected, the incident highlights the ongoing trend of ransomware gangs targeting critical infrastructure. Qilin has been identified as a highly active group, responsible for a significant number of recent attacks.

ransomwareQilinaviationcritical infrastructuredata breach

Qilin Ransomware Claims Breach of Tulsa International Airport, Leaks Data

Sophisticated Phishing Attack Uses PDF Lures and Cloud Services to Steal Dropbox Credentials

MEDIUM

Multi-Stage Phishing Campaign Bypasses Security Using PDF Attachments and Vercel to Harvest Dropbox Logins

A new, multi-stage phishing campaign is using procurement-themed emails with benign-looking PDF attachments to bypass email security filters. The attack chain redirects victims through a legitimate cloud service, Vercel Blob, before presenting a convincing fake Dropbox login page. The goal is to harvest corporate credentials, which are then exfiltrated to an attacker-controlled Telegram bot. This layered approach is designed to appear legitimate and evade detection by both automated systems and wary users.

phishingcredential theftDropboxVercelTelegram

Sophisticated Phishing Attack Uses PDF Lures and Cloud Services to Steal Dropbox Credentials

Canada Computers Discloses Data Breach Affecting Guest Checkout Customers

Canadian Retailer Canada Computers Reports Data Breach Exposing Customer and Credit Card Information

Canada Computers Inc., a major Canadian electronics retailer, has announced a data breach that exposed the personal and credit card information of customers. The incident affected individuals who used the 'guest' checkout feature on the company's website between December 29, 2025, and January 22, 2026. The company discovered the breach on January 22 and has since launched an investigation with law enforcement. Customers who were logged into member accounts are not believed to be affected.

data breachretailcredit card fraudweb skimmingMagecart

Canada Computers Discloses Data Breach Affecting Guest Checkout Customers

Play Ransomware Hits US Instrument Manufacturer Deatak in Data Breach

Play Ransomware Gang Claims Attack on Flammability Test Instrument Maker Deatak

The Play ransomware group has claimed another victim in the manufacturing sector, listing U.S.-based instrument maker Deatak on its data breach forum. The attackers allege they have compromised and exfiltrated a wide range of private and confidential data, including client documents, employee payroll details, and financial information. This attack underscores the persistent threat that ransomware poses to specialized manufacturing firms, which often possess valuable intellectual property and sensitive corporate data.

ransomwarePlaymanufacturingdata breach

Play Ransomware Hits US Instrument Manufacturer Deatak in Data Breach

INC Ransomware Group Breaches Two U.S. Law Firms, Leaks Sensitive Client Data

INC Ransomware Claims Attacks on Hawk Law Group and Eisenberg Lowrance Lundell Lofgren

The INC ransomware group is actively targeting the U.S. legal sector, claiming responsibility for attacks on at least two law firms: Hawk Law Group and Eisenberg Lowrance Lundell Lofgren. The group alleges it has stolen highly sensitive client information, including data related to civil and criminal litigation cases, government-issued IDs, and personal details. These attacks highlight the significant risk faced by law firms, which are high-value targets for cybercriminals due to the confidential nature of the data they hold.

ransomwareINC ransomwarelegaldata breachattorney-client privilege

INC Ransomware Group Breaches Two U.S. Law Firms, Leaks Sensitive Client Data

Ransomware Attack Cripples City of New Britain, CT, Forcing Manual Operations

City of New Britain, Connecticut Network Systems Disrupted by Ransomware Attack

A ransomware attack has caused significant and ongoing disruption to the municipal network systems of New Britain, Connecticut. The attack, which began last week and was later confirmed as ransomware, has impacted the city's entire internet server. As a result, city departments have been forced to abandon digital systems and revert to manual 'pen and paper' operations. Federal authorities have been called in to assist with the investigation and response efforts.

ransomwaregovernmentmunicipalityincident response

Ransomware Attack Cripples City of New Britain, CT, Forcing Manual Operations

FCC Warns Telecoms of 4x Increase in Ransomware, Urges Better Security

INFORMATIONAL

FCC Issues Alert to Telecommunications Sector Amidst Rising Ransomware Attacks

The U.S. Federal Communications Commission (FCC) has issued a formal alert to the telecommunications industry regarding the escalating threat of ransomware. Citing data that shows a fourfold increase in attacks on the sector between 2022 and 2025, the FCC's Public Safety and Homeland Security Bureau is urging providers to adopt fundamental cybersecurity best practices. The warning emphasizes that vulnerable communications networks pose a significant risk to national security and public safety, and calls for actions like patching, MFA, and network segmentation.

FCCtelecomransomwareregulationnational security

FCC Warns Telecoms of 4x Increase in Ransomware, Urges Better Security

Updated Articles (3)

Health-ISAC Report: AI-Enabled Attacks Named Top Threat to Healthcare Sector in 2026

INFORMATIONAL

AI-Driven Attacks, Supply Chain Risks Top Concerns in Health-ISAC's 2026 Threat Report

Update:

The Health-ISAC report now includes specific 2025 statistics, showing a 55% increase in cyber incidents across all sectors and a 21% rise in healthcare. Ransomware was identified as the top threat in 2025, causing significant disruptions. While AI-enabled attacks remain the top concern for 2026, these new figures underscore the immediate and ongoing impact of ransomware. The report also provides more detailed mitigation guidance, including specific MITRE ATT&CK references for ransomware defense and preparation for AI-powered threats.

January 27, 2026

Updated: February 3, 2026

4 min read

Threat IntelligenceHealthcareAIRansomwareSupply Chain Attack +1 more

Health-ISAC Report: AI-Enabled Attacks Named Top Threat to Healthcare Sector in 2026

Microsoft Patches Actively Exploited Office Zero-Day (CVE-2026-21509) Under Targeted Attack

CRITICAL

Microsoft Releases Emergency Patch for Actively Exploited Office Zero-Day Flaw CVE-2026-21509

Update:

New intelligence reveals Russian state-sponsored threat group APT28 (aka Fancy Bear) is behind 'Operation Neusploit,' actively exploiting CVE-2026-21509. The campaign targets government-related entities in Ukraine, Slovakia, and Romania using malicious RTF documents. Attackers leverage WebDAV to deliver payloads like 'MiniDoor,' an email-stealing implant, and a Covenant Grunt payload, indicating sophisticated espionage operations. This attribution confirms the high-profile nature of the ongoing exploitation and provides critical details on the threat actor's TTPs and objectives.

January 28, 2026

Updated: February 3, 2026

zero-dayMicrosoft OfficeCVE-2026-21509security feature bypassCISA KEV +2 more

Microsoft Patches Actively Exploited Office Zero-Day (CVE-2026-21509) Under Targeted Attack

Open VSX Marketplace Hit by Supply Chain Attack Spreading "GlassWorm" Malware