CISA KEV Catalog Update Feb 12 2026
On February 12, 2026, CISA added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. The addition confirms active exploitation in the wild and triggers a remediation mandate for…
Notepad++ Supply Chain Attack: A Six-Month Nightmare
State-sponsored attackers hijacked Notepad++'s update mechanism from June to December 2025, delivering targeted malware via a compromised hosting server.This infrastructure-level breach targeted high-value users in East Asia, exposing risks in…
CVE-2025-49144 Privilege Escalation via Notepad++ Installer
🛑 Overview CVE-2025-49144 is a high-severity local privilege escalation vulnerability identified in Notepad++ versions 8.8.1 and earlier. The flaw stems from an insecure executable loading behavior during the installation process,…
Malicious Notepad++ plugins enables persistence
Researchers have revealed that threat actors may abuse Notepad++ plugins to bypass security mechanism and achieve persistence on their victim machine. A security researcher that goes by the name RastaMouse…
Poisoned Notepad++ Circulates Strong Pity Malware
The highly sophisticated hacking group known as Strong Pity is circulating laced Notepad++ installers that infect targets with malware. The Strong Pity actor group has been around since 2012 and…