State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure.
Based on numerous emails seen by BleepingComputer, the campaign has escalated over the past few months, with people receiving multiple versions of the scam each day, all appearing to be sent by the same scammers.
While the email text varies, all of the messages attempt to create a sense of urgency by claiming that a payment problem or storage issue must be resolved immediately, or people's files will be deleted or blocked.
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.
NTLM (short for New Technology LAN Manager) is a challenge-response authentication protocol introduced in 1993 with Windows NT 3.1 and is the successor to the LAN Manager (LM) protocol.
Kerberos superseded NTLM as the default authentication protocol for domain-joined devices starting with Windows 2000. NTLM is still used today as a fallback whenever Kerberos is unavailable (for example, when a client connects to a server by IP address rather than hostname, or to a host that is not part of the domain), even though it relies on weak cryptography and is vulnerable to relay and pass-the-hash attacks.
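Because the fallback is silent, the practical question for a defender is how much NTLM a given host still accepts and receives before Microsoft flips the default. The following PowerShell is an added example, not code from the article or from Microsoft: it reads the registry values that back the "LAN Manager authentication level" and "Restrict NTLM" policies, then pulls successful logon events (Security event ID 4624) whose authentication package is NTLM so you can see which accounts and hosts still depend on it. The function names are assumptions; run it in an elevated session on Windows 10/11 or Windows Server.

```powershell
# Added example: NTLM posture and usage audit for one host (not from the article).

function Get-NtlmPolicy {
    # LmCompatibilityLevel: 0-2 still allow LM/NTLMv1 responses, 3-5 send only NTLMv2,
    # and 5 additionally refuses LM and NTLMv1 on incoming connections.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv = "$lsa\MSV1_0"
    $level = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
    # The "Network security: Restrict NTLM" policies are stored under MSV1_0.
    $p = Get-ItemProperty -Path $msv -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LmCompatibilityLevel         = if ($null -eq $level) { 'not set (defaults to 3 on current Windows)' } else { $level }
        AuditReceivingNTLMTraffic    = $p.AuditReceivingNTLMTraffic     # 0 off, 1 domain accounts, 2 all accounts
        RestrictReceivingNTLMTraffic = $p.RestrictReceivingNTLMTraffic  # 0 allow, 1 deny domain accounts, 2 deny all
        RestrictSendingNTLMTraffic   = $p.RestrictSendingNTLMTraffic    # 0 allow, 1 audit, 2 deny
    }
}

function Get-NtlmLogon {
    param([int]$Hours = 24, [int]$MaxEvents = 5000)
    $since = (Get-Date).AddHours(-$Hours)
    # 4624 = successful logon. Parse EventData by field name rather than by position,
    # because the field order differs between Windows versions.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            if ($d.AuthenticationPackageName -eq 'NTLM') {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    Account     = "$($d.TargetDomainName)\$($d.TargetUserName)"
                    LogonType   = $d.LogonType          # 3 = network, 10 = RDP, etc.
                    NtlmVersion = $d.LmPackageName      # 'NTLM V1' or 'NTLM V2'; anything V1 is a finding
                    Workstation = $d.WorkstationName
                    SourceIp    = $d.IpAddress
                }
            }
        }
}

Get-NtlmPolicy
Get-NtlmLogon | Group-Object NtlmVersion, Account | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

The policy check tells you what the host would accept; the event query tells you what it is actually receiving. An empty result from Get-NtlmLogon over a full business day, combined with RestrictSendingNTLMTraffic set to audit (1) and no audit events, is the evidence you want before setting the deny values, since the cutover otherwise breaks whatever was silently relying on the fallback.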
Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled.
VSM is a Windows security feature that uses hardware virtualization to run a separate, isolated environment (the "secure kernel") alongside the normal operating system. Memory in that environment is not readable from the normal kernel, so it remains extremely difficult for malware to reach even after the regular OS has been compromised.
It protects sensitive credentials, encryption keys, and security tokens from kernel-level malware and pass-the-hash attacks, and it underpins security features such as Credential Guard, Device Guard, and Hypervisor-Protected Code Integrity (HVCI) in Windows 10/11 Enterprise editions.
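Whether a machine is affected by this issue depends on whether VSM (exposed in Windows as Virtualization-based Security, VBS) is actually running, not merely configured. The PowerShell below is an added example and not code from the article or from Microsoft; it reads the Win32_DeviceGuard WMI class that Windows uses to report VBS state and decodes the numeric status and service codes into names. The function name is an assumption.

```powershell
# Added example: report VSM/VBS state and which services run inside it (not from the article).
function Get-VsmStatus {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($null -eq $dg) { throw 'Win32_DeviceGuard is not available; this Windows build does not expose VBS status.' }

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    $vbs = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled, not running (reboot pending or prerequisites missing)' }
        2       { 'Running' }
        default { "Unknown ($_)" }
    }

    # Service codes reported in SecurityServicesConfigured / SecurityServicesRunning.
    $names = @{ 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)'; 3 = 'System Guard Secure Launch' }
    $decode = {
        param($codes)
        @($codes | Where-Object { $_ -ne 0 } | ForEach-Object {
            if ($names.ContainsKey([int]$_)) { $names[[int]$_] } else { "service code $_" }
        }) -join ', '
    }

    [pscustomobject]@{
        VirtualizationBasedSecurity = $vbs
        ServicesConfigured          = & $decode $dg.SecurityServicesConfigured
        ServicesRunning             = & $decode $dg.SecurityServicesRunning
        CredentialGuardRunning      = [bool]($dg.SecurityServicesRunning -contains 1)
        HvciRunning                 = [bool]($dg.SecurityServicesRunning -contains 2)
    }
}

Get-VsmStatus | Format-List
```

A value of "Enabled, not running" is the state to watch for when triaging: the policy has been applied but the hypervisor has not taken over, usually because of a pending reboot, disabled virtualization extensions in firmware, or a driver incompatible with HVCI.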
Ukraine's Computer Emergency Response Team (CERT-UA) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.
On January 26, Microsoft released an emergency out-of-band security update for CVE-2026-21509, flagging it as an actively exploited zero-day flaw.
CERT-UA detected the distribution of malicious DOC files exploiting the flaw, themed around EU COREPER consultations in Ukraine, just three days after Microsoft’s alert.
In response to user feedback on AI integration, Mozilla announced today that the next Firefox release will let users disable AI features entirely or manage them individually.
The new "Block AI enhancements" toggle will ship in Firefox 148 on February 24 and blocks current and future generative AI features in the desktop browser from a single location. Users will also have the option to enable specific AI tools while keeping others disabled.
“We’ve heard from many who want nothing to do with AI. We’ve also heard from others who want AI tools that are genuinely useful. Listening to our community, alongside our ongoing commitment to offer choice, led us to build AI controls,” said Firefox head Ajit Varma.
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.
The threat actor gained access to the account of a legitimate developer (oorzc) and pushed malicious updates with the GlassWorm payload to four extensions that had been downloaded 22,000 times.
GlassWorm attacks first appeared in late October, hiding the malicious code using “invisible” Unicode characters to steal cryptocurrency wallet and developer account details. The malware also supports VNC-based remote access and SOCKS proxying.
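Code hidden in "invisible" characters survives casual review because editors render the characters as nothing, but it cannot hide from a scanner that looks at code points rather than glyphs. The PowerShell below is an added example, not code from the article, from the GlassWorm report, or from any extension: it walks a file character by character, decoding surrogate pairs so supplementary-plane code points are seen as single characters, and flags the usual invisible classes (zero-width characters, bidi controls, variation selectors, and Unicode tag characters). Which specific code points GlassWorm used is not stated on this page, so the ranges are a general list rather than a signature, and the function names and the sample input are constructed for the example.

```powershell
# Added example: find invisible/format code points in source text (not from the article).

$InvisibleRanges = @(
    @{ Name = 'zero-width space/joiners';        Lo = 0x200B;  Hi = 0x200D  },
    @{ Name = 'word joiner';                     Lo = 0x2060;  Hi = 0x2060  },
    @{ Name = 'bidi embedding/override';         Lo = 0x202A;  Hi = 0x202E  },
    @{ Name = 'bidi isolates';                   Lo = 0x2066;  Hi = 0x2069  },
    @{ Name = 'BOM / zero-width no-break space'; Lo = 0xFEFF;  Hi = 0xFEFF  },
    @{ Name = 'variation selectors';             Lo = 0xFE00;  Hi = 0xFE0F  },
    @{ Name = 'tag characters';                  Lo = 0xE0000; Hi = 0xE007F },
    @{ Name = 'variation selectors supplement';  Lo = 0xE0100; Hi = 0xE01EF }
)

function Find-InvisibleUnicode {
    param([Parameter(Mandatory)][string]$Text, [string]$Label = '<text>')
    $hits = New-Object System.Collections.Generic.List[object]
    $line = 1
    $i = 0
    while ($i -lt $Text.Length) {
        # .NET strings are UTF-16: combine surrogate pairs so U+E0100 etc. are one code point.
        if ([char]::IsHighSurrogate($Text[$i]) -and ($i + 1) -lt $Text.Length -and [char]::IsLowSurrogate($Text[$i + 1])) {
            $cp = [char]::ConvertToUtf32($Text[$i], $Text[$i + 1]); $width = 2
        } else {
            $cp = [int]$Text[$i]; $width = 1
        }
        if ($cp -eq 0x0A) { $line++ }
        # A BOM as the very first character is normal; anywhere else it is worth a look.
        $isLeadingBom = ($cp -eq 0xFEFF -and $i -eq 0)
        if (-not $isLeadingBom) {
            foreach ($r in $InvisibleRanges) {
                if ($cp -ge $r.Lo -and $cp -le $r.Hi) {
                    $hits.Add([pscustomobject]@{
                        Source = $Label; Line = $line; Offset = $i
                        CodePoint = ('U+{0:X4}' -f $cp); Class = $r.Name
                    })
                    break
                }
            }
        }
        $i += $width
    }
    $hits   # emitted one object per hit; nothing is emitted for clean input
}

function Find-InvisibleUnicodeInPath {
    param([Parameter(Mandatory)][string]$Path,
          [string[]]$Include = @('*.js', '*.mjs', '*.cjs', '*.ts', '*.json'))
    Get-ChildItem -Path $Path -Recurse -File -Include $Include | ForEach-Object {
        $text = Get-Content -LiteralPath $_.FullName -Raw -Encoding UTF8
        if ($text) { Find-InvisibleUnicode -Text $text -Label $_.FullName }
    }
}

# Constructed sample (not a real GlassWorm file): one harmless-looking line that carries a
# zero-width space, a variation selector and a supplementary variation selector.
$sample = 'const x = 1;' + [char]0x200B + [char]0xFE01 + [char]::ConvertFromUtf32(0xE0101) + "`nconsole.log(x);"
Find-InvisibleUnicode -Text $sample -Label 'sample.js' | Format-Table -AutoSize
# Scan an installed extension directory, e.g.:
# Find-InvisibleUnicodeInPath -Path "$env:USERPROFILE\.vscode\extensions" | Format-Table -AutoSize
```

On the constructed sample the scanner reports three hits on line 1 (U+200B, U+FE01, U+E0101); a legitimate JavaScript file that is not deliberately obfuscated should produce none, so any hit in a freshly updated extension is a reason to diff that update before trusting it.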
More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub.
Called skills, the packages pretend to be legitimate tools to deliver malware that steals sensitive data, like API keys, wallet private keys, SSH credentials, and browser passwords.
Originally named ClawdBot, renamed Moltbot, and now OpenClaw, all within a month, the project is a viral open-source AI assistant designed to run locally with persistent memory and to integrate with various resources (chat, email, the local file system). Unless it is configured carefully, the assistant introduces security risks.