This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, Ting here. Let's dive into what's been happening in the China-linked cyber threat landscape, because spoiler alert: it's been absolutely wild.
So picture this: you're using Notepad++, that beloved text editor millions of developers rely on daily. Well, Chinese state-sponsored hackers just spent the better part of 2025 hijacking your software updates. Between June and December, attackers compromised Notepad++'s web hosting infrastructure, specifically exploiting a bug to redirect users toward malicious servers. Don Ho, Notepad++'s developer, confirmed this in a blog post today, noting the highly selective targeting of organizations with East Asian interests. Security researcher Kevin Beaumont found that victims running the compromised versions suffered hands-on intrusions. The technical mechanism? The hosting provider's shared servers were the attack vector, letting attackers redirect users to malicious downloads until the bug was patched in November, with the attackers' access finally cut off in early December. This echoes the 2019 SolarWinds nightmare where Russian hackers weaponized software updates against government agencies.
But wait, there's more. According to Cisco Talos research, a China-linked threat actor called UAT-8099 has been actively targeting vulnerable Internet Information Services servers across Asia, particularly Thailand and Vietnam, with their BadIIS SEO malware campaign running from late 2025 into early 2026. Meanwhile, Mustang Panda, another Chinese-tied group, deployed an updated COOLCLIENT backdoor specifically against government entities throughout 2025 for comprehensive data theft operations.
The vulnerability landscape is equally concerning. CISA added multiple actively exploited flaws to its Known Exploited Vulnerabilities catalog, including critical issues in Microsoft Office, a FortiGate firewall flaw with a 9.4 CVSS score, and a bug in n8n's workflow automation platform rated a perfect 10.0 that allows unauthenticated server takeover. Fortinet confirmed active exploitation of CVE-2026-24858, their FortiCloud SSO authentication bypass, with attackers creating backdoor admin accounts within seconds of gaining access.
Google's Threat Intelligence Group also disrupted IPIDEA, a massive residential proxy network facilitating China-based operations, comprising over two million compromised Android devices. And Visual Studio Code users should be alarmed: researchers discovered malicious extensions with 1.5 million combined installations exfiltrating developer data directly to China-based servers, stealing source code and API keys during active coding sessions.
The defensive recommendation from authorities is crystal clear: patch everything immediately, enable multi-factor authentication across all platforms, and scrutinize your software supply chains like your network depends on it, because frankly, it does.
Thanks for tuning in, listeners. Make sure you subscribe for more critical threat updates. This has been a Quiet Please production. For more check out quietplease dot ai.
This content was created in partnership with, and with the help of, Artificial Intelligence (AI).