Posts

Notepad++ update service was compromised

Multiple independent security investigations confirm that Notepad++’s update infrastructure was hijacked between June and December 2025. This was a supply-chain attack originating from a compromise at the hosting-provider level, not from Notepad++’s code.

What exactly was compromised?

1. Update traffic was intercepted and redirected
Attackers manipulated the update endpoint (getDownloadUrl.php) so that some users requesting updates were silently redirected to malicious servers serving tampered executables.

2. It was targeted, not widespread
All sources emphasize that only specific users were affected, likely in an espionage-focused campaign, not a mass malware distribution effort.

3. Hosting provider compromise, not a Notepad++ bug
The attackers gained access to the shared hosting environment, losing direct access in September 2025 but maintaining stolen internal service credentials through December 2, 2025.

Attribution: Likely...

Broadcom is dismantling VMware Cloud Service Providers (VCSPs)

What Broadcom Is Doing to the VCSP Program

1. Broadcom is shutting down the existing VCSP program
Multiple sources confirm that Broadcom issued formal non-renewal notices to many VMware Cloud Service Providers, ending contracts as of January 26, 2026. Partners may finish existing commitments but cannot renew or create new long-term contract commitments.

2. Moving to an invite-only VCSP ecosystem
Broadcom is replacing the open VCSP model with a highly selective, invite-only program, keeping only a small fraction of providers. For example:
• Only 19 providers in the U.S. were retained out of thousands.
• Hundreds of European providers are being cut loose.

3. White Label program sunset (critical for smaller providers)
The White Label model—previously the path for smaller CSPs—has been terminated (or will be phased out depending on region). This effectively eliminates market access for many small providers.

4. Providers that are cut must hand off customers
Broadcom directs ...

Microsoft 365 Outlook Add-ins Being Weaponized

What’s Happening
Multiple independent cybersecurity research labs (Varonis, KPMG, others) and news outlets confirm that Microsoft 365 Outlook add-ins are actively being weaponized to perform stealthy data exfiltration, persistence, phishing, and command-and-control (C2)—often without leaving forensic traces. Below is the detailed, source-grounded breakdown.

1. Zero-Trace Email Exfiltration via Malicious Outlook Add-ins (Exfil Out&Look)
Most significant attack technique identified. Varonis Threat Labs discovered a method—“Exfil Out&Look”—that abuses the Outlook add-in framework to silently exfiltrate sensitive email data.

Key points:
Silent deployment & execution
Add-ins are just web apps defined by XML manifests (HTML/JS/CSS) with permissions. Attackers can deploy them:
• Per-user via Outlook Web Access (OWA)
• Tenant-wide via admin permissions
Massive blind spot for defenders
OWA-installed add-ins generate no Unified Audit Log entries (even in E5 tenants). ...

FBI Seizes RAMP Cybercrime Forum

The FBI has taken down RAMP (Russian Anonymous Marketplace), one of the most active cybercrime forums used by ransomware gangs, initial access brokers, malware sellers, and extortion groups. The takedown affected both the clearnet and dark-web (Tor) domains, which now display official FBI/DOJ seizure notices.

Why RAMP Was Significant
RAMP was:
• Known as “the only place ransomware allowed.”
• A major hub for groups including LockBit, ALPHV/BlackCat, Conti, DragonForce, Qilin, RansomHub, and more.
• A high-trust marketplace offering malware, exploits, tutorials, and escrow services.
• Home to 14,000+ vetted users, some paying fees for anonymity.

Impact of the Seizure
1. Major Disruption to Criminal Infrastructure
The takedown is seen as a meaningful blow against ransomware-as-a-service communities.
2. Forced Migration to Other Forums
Criminal groups are already shifting activity to alternative platforms like Rehub. These migrations are chaotic and risky for criminals due to:
• Loss of rep...

Massive Credential Leak: Over a Million Online Accounts!

A massive credential leak has exposed over 149 million online accounts—including Gmail, Netflix, Yahoo, X, and many others—after an unprotected 96 GB database of stolen usernames and passwords was discovered online. The data, harvested by infostealer malware from infected personal devices, includes tens of millions of email, social media, entertainment, financial, and even government-linked accounts, posing severe risks of account takeover, fraud, and identity theft.

A publicly accessible, unencrypted database containing 149,404,754 unique login credentials was discovered by cybersecurity researcher Jeremiah Fowler. The data was not a breach of Gmail, Netflix, or other platforms directly—instead, it came from infostealer malware infecting users’ devices and silently uploading stolen credentials. The exposed dataset was 96 GB and remained online for about a month before being taken down.

Affected Platforms

Why This Leak Is Especially Dangerous
Credentials include logi...

Fortinet - FortiCloud CVE‑2026‑24858 – What You Need to Know for Patching

CVE-2026-24858 is a critical Fortinet vulnerability (CVSS 9.4–9.8) involving FortiCloud SSO authentication bypass, allowing attackers with a FortiCloud account to log into devices belonging to other customers if FortiCloud SSO is enabled. This flaw affects FortiOS, FortiManager, FortiAnalyzer, and potentially FortiWeb and FortiSwitch Manager.

Attackers have been actively exploiting this vulnerability in the wild, creating rogue admin accounts, modifying firewall configs, enabling VPN access, and exfiltrating configuration files. CISA has added CVE-2026-24858 to the Known Exploited Vulnerabilities (KEV) catalog and requires patching by federal agencies by Jan 30 or Feb 17, 2026, depending on advisory.

Are Patches Available?
Yes—patches have been released for major product lines, but some versions still show “upcoming” in Fortinet’s advisory.

Released fixed versions (confirmed):
FortiOS: 7.4.11 released
Future fixes: 7.6.6, 7.2.13, 7.0.19 (upcoming)
FortiManager: Fi...

Microsoft Gave BitLocker Keys to the FBI!

Short answer: Yes — in one specific, legally compelled case — Microsoft provided BitLocker recovery keys to the FBI because the user had stored those keys in Microsoft’s cloud, and a valid search warrant required Microsoft to hand them over. This is the first publicly known instance of such a disclosure. Below is what the evidence shows:

What actually happened
Multiple independent reports confirm the same core facts:
• The FBI, during a fraud investigation in Guam, obtained a warrant for three BitLocker-encrypted laptops. Microsoft had the recovery keys because they had been backed up to the user’s Microsoft account, which is the default on many Windows 11 systems.
• Microsoft complied with the warrant and gave investigators the keys, allowing them to unlock the drives.
• Microsoft says it receives around 20 requests per year for BitLocker recovery keys, but cannot fulfill most of them because the keys often are not uploaded to the cloud.
• This Guam case is the first publicly...

Telnet Servers Exposed!

Security researchers have recently identified around 800,000 Telnet servers exposed to the internet, many of them running vulnerable versions of GNU InetUtils telnetd. This exposure is dangerous because a critical authentication bypass vulnerability (CVE-2026-24061) allows attackers to log in as root without a password.

• Nearly 800,000 IPs show Telnet fingerprints worldwide. [techradar.com]
• The flaw affects GNU InetUtils 1.9.3 through 2.7 and is fixed in version 2.8. [bleepingcomputer.com]
• Attackers can exploit it simply by injecting USER=-f root during connection, which forces a root login. [csoonline.com]
• Exploitation began within 24 hours of patch release. GreyNoise observed 60 malicious sessions from 18 IPs, targeting root accounts in 83% of attempts. [techradar.com]

Why exposed Telnet is dangerous
Using Telnet today is unsafe for two main reasons:
1. Telnet transmits everything in plaintext
Credentials and session data can be easily captured by anyone sniffing netw...

Microsoft 365 Service Disruption

Microsoft 365 Service Disruption – Staff Advisory
We are currently experiencing a Microsoft 365 service disruption affecting multiple cloud workloads. This issue is external to our environment and is impacting customers nationwide.

What’s Affected
• SharePoint Online – intermittent access issues (widely reported)
• General Microsoft 365 connectivity – degraded performance across multiple regions
• Possible impact to:
  Exchange Online (email access or delays)
  Teams (sign-in or call drops)
  OneDrive/SharePoint file access
  Admin portal availability

What You May See
• Slow loading or timeouts when opening Microsoft 365 apps
• Difficulty accessing shared files or sites
• Authentication delays when signing into cloud services

What You Should Do
• Continue working locally where possible
• If an app fails to load, wait a few minutes and retry
• Avoid repeated sign-in attempts, which may worsen delays

Our Status
We are monitoring Microsoft’s service health dashboard and will pr...

Windows Server Update Hardening for the Jan. 13 Update

Microsoft is hardening a Windows Server component. The focus is on Windows Deployment Services (WDS), which supports “hands-free deployment” using an Unattend.xml (Answer file) for automated installations. A vulnerability (CVE-2026-0386) was discovered that could allow attackers to intercept this file over insecure channels, leading to remote code execution (RCE) and credential theft.

Key Points:
• Patch Tuesday Update (KB5074109) introduced the first phase of changes on January 13, 2026.
• Microsoft will phase out hands-free deployment over insecure connections:
  Currently still supported but discouraged. IT admins can disable it via registry keys now.
  By April 2026, hands-free deployment will be blocked by default unless explicitly re-enabled.
  Microsoft warns that re-enabling this feature after April will be considered insecure.
• Additional event logs are being added to help admins monitor deployment configurations.
• Despite the active vulnerability, Microsoft is not immedia...

FortiOS and FortiSwitch Manager Vulnerability

CVE-2025-25249 — Heap-Based Buffer Overflow (High Severity)
The flaw exists in the cw_acd daemon, which handles certain network communications in FortiOS and FortiSwitchManager. A heap-based buffer overflow occurs when the daemon improperly manages memory and writes beyond allocated bounds. By sending specially crafted packets, a remote attacker can corrupt memory and potentially execute arbitrary code or commands.

Why It’s Dangerous
• No authentication required — the attacker does not need credentials.
• Network-reachable — can be triggered if the vulnerable service is exposed to untrusted networks (e.g., WAN, misconfigured management interfaces).
• High impact — successful exploitation allows:
  Running arbitrary commands
  Modifying configurations
  Intercepting traffic
  Installing persistence mechanisms

Affected Products & Versions
According to the advisory, the following versions are vulnerable:
FortiOS
  7.6.0 – 7.6.3
  7.4.0 – 7.4.8
  7.2.0 – 7.2.11
  7.0.0 – 7....

Microsoft Patch Tuesday for January 2026

1. Actively Exploited Zero-Day (CVE-2026-20805)
Impact: Attackers can read sensitive memory addresses, weakening ASLR and enabling exploit chaining.
Risk: High for environments running Windows Desktop Window Manager (DWM).
Action: Prioritize patching all Windows endpoints and servers immediately.

2. Secure Boot Certificate Expiration (CVE-2026-21265)
Impact: Expired certificates could allow Secure Boot bypass, undermining OS integrity.
Risk: Critical for enterprises relying on Secure Boot for compliance and device trust.
Action: Update Secure Boot certificates and validate boot chain integrity across all managed devices.

3. Legacy Driver Privilege Escalation (CVE-2023-31096)
Impact: Vulnerable modem drivers (agrsm.sys) can grant attackers elevated privileges.
Risk: High in environments with older hardware or legacy drivers still present.
Action: Remove deprecated drivers and apply patches to prevent privilege escalation.

4. Broader Vulnerability Landscape
114 flaws total...

Why Attackers Use LinkedIn for Phishing

• Bypasses Email Security: LinkedIn direct messages (DMs) don’t go through corporate email gateways, so traditional anti-phishing tools can’t detect them. This creates a blind spot for security teams.
• High Trust Factor: Users expect outreach from recruiters or business contacts, making them more likely to engage with malicious messages.
• Rich OSINT Data: Public profiles reveal names, job titles, and company details, enabling attackers to craft convincing spear-phishing campaigns.
• Scalable & Cheap: Hijacked accounts and AI-generated messages allow attackers to run large-scale campaigns quickly and at low cost.
• Credential Harvesting: Many attacks redirect victims to fake Microsoft login pages, stealing credentials and even bypassing MFA using Adversary-in-the-Middle techniques.

Common Attack Patterns
• Fake Recruiter Messages: Offering job opportunities with malicious attachments or links.
• Investment Scams: Redirecting...

Target’s on-prem GitHub Enterprise Server Exposed

Hackers claimed to have stolen and were selling Target’s internal source code, posting samples on Gitea, a public development platform. Multiple current and former Target employees confirmed the leaked materials were authentic, matching internal systems and infrastructure.

The leaked data included:
• Internal system names like BigRED and TAP [Provisioning].
• References to Hadoop datasets, proprietary CI/CD tooling based on Vela, and supply-chain tools like JFrog Artifactory.
• Internal taxonomy identifiers such as “blossom IDs”, which are unique to Target’s environment.
These details strongly indicate the leak was not fabricated but came from real internal repositories.

Accelerated Git Lockdown
After being contacted about the leak, Target implemented an “accelerated” security change: Effective January 9, 2026, access to git.target.com (Target’s on-prem GitHub Enterprise Server) now requires connection to a Target-managed network (on-site or via VPN). Previously, the Git ser...

Instagram Data Leak Update

What Happened?
Cybersecurity firm Malwarebytes discovered a dataset containing personal information from approximately 17.5 million Instagram accounts circulating on dark web forums. The leaked data reportedly includes:
• Usernames
• Email addresses
• Phone numbers
• Partial physical addresses
• In some cases, location details.

How Did It Occur?
The data appears to have been scraped via Instagram’s API, likely exploiting weaknesses in rate-limiting or privacy safeguards. A threat actor using the alias “Solonik” posted the dataset on BreachForums, claiming it originated from a 2024 API leak. Meta (Instagram’s parent company) denies any breach of internal systems, stating that the surge in password reset emails was due to a bug that allowed external parties to trigger reset requests, not unauthorized access.

Risks to Users
• Phishing & Social Engineering: Attackers can craft convincing messages using real account details.
• SIM-Swapping & Account Takeove...

ConsentFix and Mitigation

What is ConsentFix?
ConsentFix is a sophisticated attack that exploits the OAuth 2.0 authorization code flow, a legitimate mechanism used by applications like Azure CLI and PowerShell to authenticate users. Instead of breaking passwords or bypassing MFA through brute force, attackers manipulate this trusted flow to steal authorization codes, which can then be exchanged for access tokens granting entry to Microsoft Entra resources.

How Does It Work?
Malicious Login URI
Attackers craft a Microsoft Entra login URL targeting trusted apps (e.g., Azure CLI) and resources (e.g., Azure Resource Manager).
User Interaction
Victims are lured to a phishing page or malicious site that triggers this login flow. After successful authentication, the browser redirects to a localhost URI (e.g., http://localhost:<port>), which normally would be handled by the legitimate app.
Authorization Code Exposure
Because no app is listening on localhost, the browser shows an error—but the aut...

How AI Is Exploiting Data Breaches to Accelerate Cyberattacks

Artificial intelligence is fundamentally reshaping the cyber threat landscape—not by inventing entirely new attack vectors, but by supercharging the speed, scale, and precision of existing ones. Recent reporting shows that attackers are increasingly feeding stolen data into AI systems to automate reconnaissance, personalize social engineering, and accelerate exploitation cycles at machine speed. The result: attacks that once took weeks now unfold in hours.

1. Data Breaches Are Fueling AI’s Speed Advantage
Massive breach datasets give AI models more training material
Attackers now have access to unprecedented volumes of leaked credentials, personal data, and behavioral signals. In 2025 alone, over 16 billion login details were leaked across 30 datasets. These datasets become raw fuel for AI systems that:
• Identify high-value targets
• Predict user behavior
• Generate hyper-personalized phishing
• Automate ...

Understanding Leaked Infostealer Infections

A leaked infostealer infection refers to a scenario where:
• A malware strain (infostealer) has infected a device and stolen sensitive data such as:
  Credentials (Microsoft 365, VPN, banking, corporate portals)
  Cookies / session tokens
  Autofill data
  System information
• That stolen data is later uploaded to a cybercriminal marketplace or leak site—often called a “logs market.”

When infostealer data becomes leaked, it means cybercriminals now have access to usernames, passwords, cookies, and other session data, posing serious corporate risks.

Why This Matters for an Organization
Even a single compromised personal or corporate device can lead to:
✔ Unauthorized access
Attackers may log in as legitimate users with:
  Valid Microsoft 365 credentials
  Browser session cookies (let attackers bypass MFA in some cases)
✔ Business Email Compromise (BEC)
Attackers impersonate employees to:
  Request fraudulent payments
  Access internal files and systems...

The latest Windows 11 cumulative updates (24H2 and 25H2) released since July 2025

The latest Windows 11 cumulative updates (24H2 and 25H2) released since July 2025 have introduced a bug that can cause the Taskbar, Start Menu, and File Explorer to crash or fail to load, especially in enterprise or managed environments. Microsoft has acknowledged the issue but has not yet released a permanent fix.

What’s Happening
Affected Versions: Windows 11 24H2 and 25H2 after updates like KB5062553 (July 2025), KB5065789 (September 2025 preview), and KB5066835 (October 2025).
Symptoms:
• Taskbar disappears or fails to render.
• Start Menu won’t open, sometimes showing critical error messages.
• File Explorer crashes immediately after login.
• Settings app silently fails to launch.
• Users may log into a blank desktop with no usable interface.
Cause: A race condition during login prevents key XAML interface packages (MicrosoftWindows.Client.CBS, Microsoft.UI.Xaml.CBS, MicrosoftWindows.Client.Core) from registering in time. Since these packages are required for the Wind...

Cyber Monday Fraud Alert

Cyber Monday brings incredible deals—but it also attracts cybercriminals looking to exploit shoppers. Fraudsters use fake websites, phishing emails, and misleading ads to steal money, personal information, or identities.

Common Scams
• Fake retailer sites: Look-alike domains with odd spellings or missing security (no HTTPS).
• Phishing emails & texts: “Exclusive deals” or “delivery issues” that link to malicious sites.
• Too-good-to-be-true offers: Deep discounts on electronics, gift cards, or luxury items.
• Charity scams: Fraudulent donation sites targeting Giving Tuesday generosity.

How to Stay Safe
• Shop only on trusted, secure websites (look for HTTPS).
• Type retailer URLs directly—don’t click links in emails or ads.
• Use credit cards for stronger fraud protection.
• Compare prices across trusted platforms to spot fake “discounts.”
• Verify charities before donating.

Report Fraud
If you suspect a scam:
• Contact your bank or credit card provider immediately.
• Report ...