WEEKLY TOP TEN: February 02, 2025, 16:00 GMT
- State-Sponsored Attackers Hijacked Notepad++
The widely used open-source text editor Notepad++ confirmed that its update delivery infrastructure was compromised by state-sponsored threat actors in a targeted supply chain attack that lasted from June to December 2025. Rather than exploiting a flaw in the application itself, attackers hijacked the update mechanism at the hosting provider level to selectively redirect software update traffic for certain users — including organizations with operations in East Asia, financial services, and government sectors — to malicious servers, potentially delivering backdoored installers. Notepad++ has since released mitigation measures and hardened update verification in newer versions to prevent similar abuse.

- BridgePay Ransomware Disrupts Payment Infrastructure
BridgePay Network Solutions — a major U.S. payment gateway used by merchants nationwide — confirmed a ransomware attack that shut down key systems and caused a broad outage of card-processing services. Merchants reported degraded or failed transactions, forcing some to shift to cash-only operations. Forensic teams, including the FBI and the U.S. Secret Service, are involved. Initial findings indicate no clear evidence of compromised cardholder data, but operational impact remains high across the financial services ecosystem.

- CISA Warns of Actively Exploited SmarterMail RCE in Ransomware Campaigns
The U.S. Cybersecurity and Infrastructure Security Agency added a critical unauthenticated remote-code-execution flaw in SmarterMail, CVE-2026-24423, to its Known Exploited Vulnerabilities catalog, warning that ransomware actors are actively abusing the defect in the wild. The vulnerability affects widely deployed SmarterTools email servers and allows arbitrary command execution without authentication, a severe escalation vector for ransomware and system takeover.

- Conpet (Romania) Oil Pipeline Operator Discloses Cyberattack
Romania’s national pipeline operator Conpet revealed a cyberattack that disrupted corporate IT systems and brought down its public website. Operational control of crude distribution and contractual logistics reportedly continued, but the IT impact and ongoing investigations underscore persistent threats to industrial operators’ digital infrastructure. National cybersecurity authorities and law enforcement are engaged.

- DKnife Linux Toolkit Used for Malware Delivery
Security research uncovered the “DKnife” Linux toolkit hijacking router traffic to inject malware, indicating long-lived espionage campaigns that use edge devices and network-level manipulation. While reported alongside other news, this is an ongoing risk vector that enterprises must monitor.

- Anthropic’s Claude Uncovers 500+ High-Severity Flaws
AI model Claude Opus 4.6 demonstrated the ability to identify and prioritize 500+ high-severity weaknesses in open-source libraries, showing how AI-assisted code review is evolving. While not a breach, this affects vulnerability management workflows and tool selection.

- Substack Data Breach Exposes Metadata and Contact Info
Substack disclosed a security breach affecting internal systems that exposed email addresses, phone numbers, and metadata for approximately 700,000 user accounts. There is no evidence that financial or password data was compromised, but the exposed contact details materially increase phishing and social engineering risk for users.

- Open ClawHub Skills Abuse Exposes AI Agents to Malware
A research audit found 341 malicious skills in the Open ClawHub marketplace — a platform for AI assistant skills — that could steal data. This represents a supply-chain threat in emerging AI ecosystems, where third-party modules become malware delivery vectors.

- Germany Warns of Signal Account Hijacking Targeting Officials
Germany’s domestic intelligence services warn of ongoing threat actor campaigns targeting the Signal messaging accounts of senior officials, journalists, and diplomats. Phishing and credential compromise are reportedly the access vectors used, with implications for secure communications in government and diplomatic contexts.

- Step Finance Suffers $40M Crypto Theft via Executive Device Compromise
DeFi platform Step Finance reported a major security breach in which attackers compromised devices used by executives, stealing approximately $40 million worth of cryptocurrency. Some funds were recovered through technical controls, but the incident highlights the persistent risk to high-privilege endpoints and treasury access within crypto ecosystems.
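The Notepad++ item above turns on one defensive principle: an update client must not trust the host or mirror that serves the download, only a publisher key pinned in the client. The Go program below is an added illustration of that check and is not Notepad++'s own code; the manifest layout, the canonical string, the key pair and the installer bytes are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed update descriptor fetched over an untrusted
// channel (HTTP, mirror, CDN). Only the publisher's pinned key is trusted.
type Manifest struct {
	Version   string
	SHA256Hex string // digest of the installer the publisher actually released
	Signature []byte // ed25519 signature over canonical(Version, SHA256Hex)
}

// canonical fixes the byte layout that is signed, so version and digest
// cannot be swapped or re-paired by whoever controls the transport.
func canonical(version, sha string) []byte {
	return []byte("update-manifest-v1\n" + version + "\n" + sha + "\n")
}

// VerifyUpdate rejects the installer unless the manifest carries a valid
// signature from the pinned key AND the payload matches the signed digest.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, installer []byte) error {
	if !ed25519.Verify(pinned, canonical(m.Version, m.SHA256Hex), m.Signature) {
		return errors.New("manifest not signed by pinned publisher key")
	}
	sum := sha256.Sum256(installer)
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return errors.New("installer digest does not match signed manifest")
	}
	return nil
}

// SignManifest is the publisher-side step, constructed here for the example.
func SignManifest(priv ed25519.PrivateKey, version string, installer []byte) Manifest {
	sum := sha256.Sum256(installer)
	sha := hex.EncodeToString(sum[:])
	return Manifest{Version: version, SHA256Hex: sha, Signature: ed25519.Sign(priv, canonical(version, sha))}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed publisher key pair
	genuine := []byte("constructed genuine installer bytes")
	m := SignManifest(priv, "1.0.0-example", genuine)
	fmt.Println("genuine installer:", VerifyUpdate(pub, m, genuine))
	// A redirected download that swaps the payload fails the digest check.
	fmt.Println("swapped installer:", VerifyUpdate(pub, m, []byte("swapped installer bytes")))
	// A manifest re-signed with a key the client does not pin fails the signature check.
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	other := SignManifest(otherPriv, "1.0.0-example", []byte("swapped installer bytes"))
	fmt.Println("foreign signature:", VerifyUpdate(pub, other, []byte("swapped installer bytes")))
}
```

The point of the two failing cases is that neither DNS, TLS, nor the hosting provider is part of the trust decision: a redirected mirror cannot pass either check without the publisher's private key.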
Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The 10 stories above were judged the most significant of the week, ranked by highest risk and drawing on multiple sources where available.