Posts

Notepad++ update service was compromised

Multiple independent security investigations confirm that Notepad++’s update infrastructure was hijacked between June and December 2025. This was a supply-chain attack originating from a compromise at the hosting‑provider level, not from Notepad++’s code.

What exactly was compromised?

1. Update traffic was intercepted and redirected. Attackers manipulated the update endpoint (getDownloadUrl.php) so that some users requesting updates were silently redirected to malicious servers serving tampered executables.
2. It was targeted, not widespread. All sources emphasize that only specific users were affected, likely in an espionage‑focused campaign, not a mass malware distribution effort.
3. Hosting provider compromise, not a Notepad++ bug. The attackers gained access to the shared hosting environment, losing direct access in September 2025 but maintaining stolen internal service credentials through December 2, 2025.

Attribution: Likely...

Broadcom is dismantling VMware Cloud Service Providers (VCSPs)

What Broadcom Is Doing to the VCSP Program

1. Broadcom is shutting down the existing VCSP program. Multiple sources confirm that Broadcom issued formal non‑renewal notices to many VMware Cloud Service Providers, ending contracts as of January 26, 2026. Partners may finish existing commitments but cannot renew or create new long‑term contract commitments.
2. Moving to an invite‑only VCSP ecosystem. Broadcom is replacing the open VCSP model with a highly selective, invite‑only program, keeping only a small fraction of providers. For example:
   • Only 19 providers in the U.S. were retained out of thousands.
   • Hundreds of European providers are being cut loose.
3. White Label program sunset (critical for smaller providers). The White Label model—previously the path for smaller CSPs—has been terminated (or will be phased out depending on region). This effectively eliminates market access for many small providers.
4. Providers that are cut must hand off customers. Broadcom directs ...

Microsoft 365 Outlook Add-ins Being Weaponized

What’s Happening

Multiple independent cybersecurity research labs (Varonis, KPMG, others) and news outlets confirm that Microsoft 365 Outlook add-ins are actively being weaponized to perform stealthy data exfiltration, persistence, phishing, and command‑and‑control (C2)—often without leaving forensic traces. Below is the detailed, source‑grounded breakdown.

1. Zero‑Trace Email Exfiltration via Malicious Outlook Add-ins (Exfil Out&Look)

Most significant attack technique identified. Varonis Threat Labs discovered a method—“Exfil Out&Look”—that abuses the Outlook add-in framework to silently exfiltrate sensitive email data.

Key points:
• Silent deployment & execution: Add-ins are just web apps defined by XML manifests (HTML/JS/CSS) with permissions. Attackers can deploy them per-user via Outlook Web Access (OWA) or tenant‑wide via admin permissions.
• Massive blind spot for defenders: OWA-installed add-ins generate no Unified Audit Log entries (even in E5 tenants). ...

FBI Seizes RAMP Cybercrime Forum

The FBI has taken down RAMP (Russian Anonymous Marketplace), one of the most active cybercrime forums used by ransomware gangs, initial access brokers, malware sellers, and extortion groups. The takedown affected both the clearnet and dark‑web (Tor) domains, which now display official FBI/DOJ seizure notices.

Why RAMP Was Significant

RAMP was:
• Known as “the only place ransomware allowed.”
• A major hub for groups including LockBit, ALPHV/BlackCat, Conti, DragonForce, Qilin, RansomHub, and more.
• A high‑trust marketplace offering malware, exploits, tutorials, and escrow services.
• Home to 14,000+ vetted users, some paying fees for anonymity.

Impact of the Seizure

1. Major Disruption to Criminal Infrastructure. The takedown is seen as a meaningful blow against ransomware‑as‑a‑service communities.
2. Forced Migration to Other Forums. Criminal groups are already shifting activity to alternative platforms like Rehub. These migrations are chaotic and risky for criminals due to: Loss of rep...

Massive Credential Leak: Over a Million Online Accounts!

A massive credential leak has exposed over 149 million online accounts—including Gmail, Netflix, Yahoo, X, and many others—after an unprotected 96 GB database of stolen usernames and passwords was discovered online. The data, harvested by infostealer malware from infected personal devices, includes tens of millions of email, social media, entertainment, financial, and even government-linked accounts, posing severe risks of account takeover, fraud, and identity theft.

A publicly accessible, unencrypted database containing 149,404,754 unique login credentials was discovered by cybersecurity researcher Jeremiah Fowler. The data was not a breach of Gmail, Netflix, or other platforms directly—instead, it came from infostealer malware infecting users’ devices and silently uploading stolen credentials. The exposed dataset was 96 GB and remained online for about a month before being taken down.

Affected Platforms

Why This Leak Is Especially Dangerous

Credentials include logi...

Fortinet - FortiCloud CVE‑2026‑24858 – What You Need to Know for Patching

CVE‑2026‑24858 is a critical Fortinet vulnerability (CVSS 9.4–9.8) involving FortiCloud SSO authentication bypass, allowing attackers with a FortiCloud account to log into devices belonging to other customers if FortiCloud SSO is enabled. This flaw affects FortiOS, FortiManager, FortiAnalyzer, and potentially FortiWeb and FortiSwitch Manager. Attackers have been actively exploiting this vulnerability in the wild, creating rogue admin accounts, modifying firewall configs, enabling VPN access, and exfiltrating configuration files. CISA has added CVE‑2026‑24858 to the Known Exploited Vulnerabilities (KEV) catalog and requires patching by federal agencies by Jan 30 or Feb 17, 2026, depending on advisory.

Are Patches Available?

Yes—patches have been released for major product lines, but some versions still show “upcoming” in Fortinet’s advisory.

Released fixed versions (confirmed):
• FortiOS: 7.4.11 released. Future fixes: 7.6.6, 7.2.13, 7.0.19 (upcoming)
• FortiManager: Fi...

Microsoft Gave BitLocker Keys to the FBI!

Short answer: Yes — in one specific, legally compelled case — Microsoft provided BitLocker recovery keys to the FBI because the user had stored those keys in Microsoft’s cloud, and a valid search warrant required Microsoft to hand them over. This is the first publicly known instance of such a disclosure. Below is what the evidence shows:

What actually happened

Multiple independent reports confirm the same core facts:
• The FBI, during a fraud investigation in Guam, obtained a warrant for three BitLocker‑encrypted laptops. Microsoft had the recovery keys because they had been backed up to the user’s Microsoft account, which is the default on many Windows 11 systems.
• Microsoft complied with the warrant and gave investigators the keys, allowing them to unlock the drives.
• Microsoft says it receives around 20 requests per year for BitLocker recovery keys, but cannot fulfill most of them because the keys often are not uploaded to the cloud.
• This Guam case is the first publicly...