State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.
Category: cybercrime/malcode
Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.
NTLM (short for New Technology LAN Manager) is a challenge-response authentication protocol introduced in 1993 with Windows NT 3.1 and is the successor to the LAN Manager (LM) protocol.
Kerberos has superseded NTLM and is now the current default protocol for domain-connected devices running Windows 2000 or later. While it was the default protocol in older Windows versions, NTLM is still used today as a fallback authentication method when Kerberos is unavailable, even though it uses weak cryptography and is vulnerable to attacks.
Microsoft: January update shutdown bug affects more Windows PCs
Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled.
VSM is a Windows security feature that creates an isolated, protected memory region separate from the normal operating system (known as the “secure kernel”), using hardware virtualization that is extremely difficult for malware to access, even after a system compromise.
It protects sensitive credentials, encryption keys, and security tokens from kernel-level malware and pass-the-hash attacks, and it enables security features such as Credential Guard, Device Guard, and Hypervisor-Protected Code Integrity in Windows 10/11 Enterprise editions.
New GlassWorm attack targets macOS via compromised OpenVSX extensions
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.
The threat actor gained access to the account of a legitimate developer (oorzc) and pushed malicious updates with the GlassWorm payload to four extensions that had been downloaded 22,000 times.
GlassWorm attacks first appeared in late October, hiding the malicious code using “invisible” Unicode characters to steal cryptocurrency wallet and developer account details. The malware also supports VNC-based remote access and SOCKS proxying.
Malicious MoltBot skills used to push password-stealing malware
More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub.
Called skills, the packages pretend to be legitimate tools to deliver malware that steals sensitive data, like API keys, wallet private keys, SSH credentials, and browser passwords.
Originally named ClawdBot and switching to Moltbot and now OpenClaw in under a month, the project is a viral open-source AI assistant designed to run locally, with persistent memory and integrate with various resources (chat, email, local file system). Unless configured properly, the assistant introduces security risks.
Securing the Neural Frontier: Cybersecurity and Privacy Risks in Brain-Computer Interfaces and Neurotechnology
Please see my LinkedIn article: “Securing the Neural Frontier.”
We are poised to witness one of the most significant technological advancements in human history: the direct interaction between human brains and machines. Brain-computer interfaces (BCIs), neurotechnology, and brain-inspired computing have already arrived and need to be secure.
Link.
Emerging Technology Convergence Will Shape Our Future
The future won’t be built on one breakthrough. It will be shaped by how well we mesh AI, quantum, 5G, IoT, and human intelligence into secure, resilient systems. Technology advantage now comes from orchestration, not adoption.
My latest Forbes article explores why this convergence will define the next decade.
#AI #QuantumComputing #EmergingTechnology #Cybersecurity #Leadership #FutureOfTech.
Link to article.
The next decade of innovation will not be defined by a single breakthrough technology. Instead, it will be shaped by the convergence of multiple emerging technologies.
Scientists teach microorganisms to build molecules with light
Researchers are continually looking for new ways to hack the cellular machinery of microbes like yeast and bacteria to make products that are useful for humans and society. In a new proof-of-concept study, a team from the Carl R. Woese Institute for Genomic Biology showed they can expand the biosynthetic capabilities of these microbes by using light to help access new types of chemical transformations.
The paper, published in Nature Catalysis, demonstrates how the bacteria Escherichia coli can be engineered to produce these new molecules in vivo, using light-driven enzymatic reactions. This framework sets the foundation for future development in the emerging field of photobiocatalysis.
“Photobiocatalysis is basically light-activated catalysis by enzymes. Without light, the target enzyme cannot catalyze a reaction. When light is added, the target enzyme will be activated,” said Huimin Zhao (BSD leader/CAMBERS/CGD/MMG), Steven L. Miller Chair of Chemical and Biomolecular Engineering. “We have published many papers showing that it is possible to combine photocatalysis with enzyme catalysis to create a new class of photoenzymes. These artificial photoenzymes can catalyze selective reactions that cannot be achieved by natural enzymes and are also very difficult, or sometimes even not possible, with chemical catalysis.”