At least one 7-Zip user
January 26, 2026
•[ malware distribution, proxy botnet, domain impersonation ]
Tom's Hardware reported that the unofficial domain 7-zip.com (not the official 7-zip.org) served malware-laden downloads for roughly ten days, from January 12 to January 22. The site initially displayed legitimate links, but after 20-30 seconds a script swapped download links to a malicious executable, likely to evade basic automated scanning. The malware's primary described function was to install a proxy service, turning victims' PCs into nodes in a proxy botnet that criminals could route traffic through to obscure their origins. This is a malware distribution campaign impacting end users rather than a single named victim organization's breach.
At least one user of Notepad++
December 12, 2025
•[ vulnerability, supply chain attack, software update attack ]
PCGuia reported that a critical vulnerability in Notepad++'s automatic update mechanism was actively exploited, allowing attackers to intercept update traffic and distribute compromised/malicious versions of the software to users of versions prior to 8.8.9. The article states developers urged users to avoid the built-in updater and instead manually download the installer from the official site or trusted repositories. It also cites reporting that several organizations suffered serious breaches shortly after updating, and notes that the mitigations in version 8.8.9 included forcing the update URL to GitHub and improvements related to certificate/signature verification. The specific attacker identity, the full list of affected downstream organizations, and whether any sensitive data was exfiltrated from victims are not detailed in the article.