Bug The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Posted by: harlan4096 - 03 February 26, 08:27 - Forum: Kaspersky Security Blog - No Replies

Quote:Introduction

On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++ has been compromised. According to the statement, this was due to a hosting provider level incident, which occurred from June to September 2025. However, attackers were able to retain access to internal services until December 2025.

Multiple execution chains and payloads

Having checked our telemetry related to this incident, we have been amazed to find out how different and unique were the execution chains used in this supply chain attack. We identified that over the course of four months, from July to October 2025, attackers who have compromised Notepad++ have been constantly rotating C2 server addresses used for distributing malicious updates, the downloaders used for implant delivery, as well as the final payloads.

We observed three different infection chains overall designed to attack about a dozen machines, belonging to:
  • Individuals located in Vietnam, El Salvador and Australia;
  • A government organization located in the Philippines;
  • A financial organization located in El Salvador;
  • An IT service provider organization located in Vietnam.
Despite the variety of payloads observed, Kaspersky solutions have been able to block the identified attacks as they occurred.

In this article, we describe the variety of the infection chains we observed in the Notepad++ supply chain attack, as well as provide numerous previously unpublished IoCs related to it.

Chain #1 — late July and early August 2025

We observed attackers deploying a malicious Notepad++ update for the first time in late July 2025. It was hosted at http://45.76.155[.]202/update/update.exe. Notably, the first scan of this URL on the VirusTotal platform occurred in late September, by a user from Taiwan.


Information Kaspersky\VPN\KSOS 21.25 (MR25) & KES 14 (Betas)
Posted by: harlan4096 - 03 February 26, 08:11 - Forum: Kaspersky - Replies (1)

https://eap.kaspersky.com/topic/6685/dow...0.522-mr25 

https://eap.kaspersky.com/topic/6686/dow...14.0.0.174


Information F-Secure 26.1
Posted by: harlan4096 - 03 February 26, 08:09 - Forum: F-Secure - No Replies

Quote:Version 26.1 Released January 2026

ID Monitoring:
  • There are now smart tasks reminding the user to verify ID Monitoring related email addresses.
Network protection driver:
  • Network protection driver has been updated to new framework. Performance is improved in certain rare scenarios. This affects Browsing Protection, Banking Protection and Family Protection.
Bug fixes:
  • ID Monitoring related connection failure dialogs are now shown when needed.
  • ID Monitoring local cache is now removed on product uninstall.
  • Fixed a rarely occurring bug in Device Protection where real-time protection would block malware, but would fail to notify the user.


Information Android Security Bulletin—February 2026
Posted by: harlan4096 - 03 February 26, 08:00 - Forum: Android Mobile News - No Replies

Quote:Android Security Bulletin—February 2026

Published February 2, 2026

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Within 48 hours after the initial publication of this bulletin, we will release the corresponding source code patches to the Android Open Source Project (AOSP) repository. We will then revise this bulletin with the AOSP links.

For more details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform, refer to the Android and Google Play Protect mitigations section.

We notify our Android partners of all issues at least a month before publishing the bulletin.

Android and Google service mitigations

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.
  • Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
  • The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

Information Windows 11 New Security Feature Denies Unauthorized Access to System Files
Posted by: harlan4096 - 02 February 26, 10:21 - Forum: Microsoft Windows News - No Replies

Quote:Microsoft has introduced a significant security control in the latest Windows 11 preview update designed to restrict unauthorized interaction with critical system files.

Released as part of the January 2026 non-security preview (KB5074105), this enhancement specifically targets the Storage settings menu, a sensitive area of the operating system that reveals detailed information about drive usage, temporary files, and system-reserved storage.

By implementing a mandatory User Account Control (UAC) prompt, Microsoft aims to prevent unprivileged users and potential threat actors with local access from modifying or analyzing storage configurations without explicit administrative approval.

Hardening System Security

The primary modification in this release serves as a hardening measure for local system security. Previously, users with access to an unlocked Windows session could navigate to Settings > System > Storage and view granular details regarding how hard drive space was being utilized.

This access included the ability to interact with temporary files and view the breakdown of installed applications and system files.

With the installation of KB5074105, Windows 11 versions 24H2 and 25H2 now enforce an administrative checkpoint at this gateway. When a user attempts to access the Storage settings, the operating system triggers a UAC prompt.

If the current user does not possess administrative privileges, they must provide valid credentials to proceed. This effectively mitigates the risk of “shoulder surfing” or unauthorized data manipulation by individuals who may have gained physical access to a workstation or remote access to a non-admin session.

This update applies to the most recent iterations of the Windows 11 platform, specifically version 24H2 and the newer version 25H2.

The rollout is currently in the “C-release” phase, meaning it is an optional preview that allows administrators to test the changes before they are included in the mandatory Patch Tuesday security update scheduled for February.

The following table outlines the technical specifics associated with this release:

Beyond the security hardening of the Settings menu, KB5074105 introduces updates to the underlying AI framework integrated into Windows 11. These changes affect the “Copilot+ PC” experiences, specifically updating the models used for local processing.


Information Microsoft Starts Dialing Back Windows 11 AI Features After User Backlash
Posted by: harlan4096 - 31 January 26, 08:00 - Forum: Microsoft Windows News - No Replies

Quote:Microsoft’s aggressive push to embed AI throughout Windows 11 may finally be hitting the brakes. Following sustained backlash from power users and the wider Windows community, the company is now reconsidering how — and where — artificial intelligence should appear inside the operating system.

According to an exclusive report from Windows Central, internal teams at Microsoft are actively reviewing several high-profile AI features, including Copilot placements and the troubled Windows Recall experience.

Copilot overload meets user resistance

The turning point arguably began with Windows Recall. Introduced as a flagship AI feature in 2024, Recall was meant to act as a searchable timeline of everything you’ve done on your PC. Instead, it triggered immediate privacy and security concerns, forcing Microsoft to delay the feature by nearly a year.

Since then, Copilot buttons have appeared across core Windows apps such as Notepad, Paint, and File Explorer — often with limited functionality and little explanation. For many users, this felt less like innovation and more like clutter.

That frustration peaked publicly when Windows president Pavan Davuluri described Windows as evolving into an “agentic OS,” sparking thousands of negative responses across social platforms.


Information Chrome Gets Smarter: Gemini Can Now Browse the Web for You
Posted by: harlan4096 - 31 January 26, 07:59 - Forum: Browsers News & Tips - No Replies

Quote:Google has announced a major new AI capability coming to Google Chrome. The feature, called auto browse, brings agent-style automation directly into the browser, allowing Gemini to actively interact with websites instead of just answering questions. Powered by Gemini 3, auto browse turns Chrome into something closer to a digital assistant that can do things on the web, not just help you think about them.

What is Chrome’s auto browse feature?

Auto browse is an agentic AI experience built into Chrome’s desktop version. Once enabled, Gemini appears in a sidebar on the right side of the browser, where users can chat with it and assign tasks. Instead of passively summarizing content, Gemini can now:
  • Click buttons and links
  • Scroll through pages
  • Fill out text fields and forms
  • Navigate multi-step workflows
  • Interact with almost any website
Once a task is submitted, Gemini confirms with a simple message: “Task started.” This marks a shift from AI as an assistant to AI as an active operator inside the browser.

Real-world examples: shopping, searching, and more

Google showcased auto browse with a practical example: planning a themed party. A user can tell Gemini which site to use (for example, Etsy), what kind of party supplies to look for, and set a budget. Gemini then:
  1. Visits the site
  2. Searches for relevant items
  3. Adds matching products to the cart
  4. Looks for available discount codes
  5. Prepares the checkout for review

Information Android Gets Better Anti-Theft Defenses With New Security Updates
Posted by: harlan4096 - 31 January 26, 07:53 - Forum: Android Mobile News - No Replies

Quote:Google has announced a new wave of updates to Android’s anti-theft protections, strengthening device security both before and after a phone is stolen. The company says the changes are designed to protect user data more effectively and reduce the overall value of stolen Android devices.

The updates build on Android’s existing theft protection system and introduce what Google calls “multi-layered defenses.” Some features are available broadly on devices running Android 10 and newer, while more advanced protections require newer hardware or Android 16 and above.

Stronger authentication on newer Android devices

Several of the most significant upgrades are tied to newer versions of Android, particularly Android 15 and Android 16, where Google is tightening how devices respond to suspicious activity.

More control over failed authentication locks

Android 15 introduced Failed Authentication Lock, which automatically locks the screen after too many incorrect unlock attempts. Google is now adding a dedicated on/off toggle in settings, allowing users to decide how strictly this feature is enforced.

This gives people more flexibility—especially those who want strong protection without risking accidental lockouts.


Information Windows 11 24H2 and 25H2 get big new updates with new features and fixes in KB5074105
Posted by: harlan4096 - 30 January 26, 07:22 - Forum: Microsoft Windows News - No Replies

Quote:The January 2026 non-security update for Windows 11 versions 24H2 and 25H2 is now available. KB5074105 with build numbers 26100.7705 and 26200.7705 is out with a long list of various improvements, fixes, and new features.

Notable changes include new language support for Agent in Settings on Copilot+ PCs, improved MIDI services, the ability to toggle off and on Smart App Control (this previously required reinstalling Windows), new features for Windows Hello, Start menu fixes, File Explorer fixes, and more.

Here is what is new for Copilot+ PCs:
  • [Agent in Settings] New! The Settings Agent now supports more languages, with expanded support for German, Portuguese, Spanish, Korean, Japanese, Hindi, Italian, and Chinese (Simplified).

Lightbulb Is Gmail’s New AI Watching You? What Gemini Really Does - and How to Turn It Off
Posted by: harlan4096 - 29 January 26, 09:24 - Forum: Software & Services News - No Replies

Quote:Google Gmail has quietly entered a new era. With the rollout of Gemini-powered features, your inbox is no longer just a list of emails- it’s becoming an AI-assisted workspace that summarizes conversations, suggests replies, and turns messages into tasks.

That convenience has also sparked anxiety. Many users are asking the same question: Is Google’s AI reading my emails? The answer is more nuanced than a simple yes or no.

What Gemini Is - and Why It’s in Gmail

Gemini is Google’s flagship AI system, designed to understand and generate text, images, and code. It already powers features across Search, Docs, Maps, and smart home devices. In early 2026, Google began integrating Gemini more deeply into Gmail, turning it into a proactive assistant rather than a passive inbox.

Instead of just displaying emails in order, Gmail now highlights priorities, summarizes long threads, and extracts action items automatically.

What Gemini Can Do in Your Inbox

Once enabled, Gemini adds several AI-driven tools to Gmail:
  • Email summaries that condense long threads into key points
  • Smart reply assistance that helps draft responses in your writing style
  • Automatic to-do lists pulled from email content
  • Topic-based grouping that organizes related messages together
Basic AI features are included with free Gmail accounts, while more advanced querying and task automation are reserved for paid plans.

Is Google Actually Reading Your Emails?

Not in the human sense. Google states that no employees are manually reading Gmail messages as part of Gemini’s operation. However, the AI does require read access to your emails to function.

This isn’t entirely new - Gmail has long scanned messages to suggest calendar events or track packages. What’s different now is the depth of interpretation. Gemini doesn’t just detect keywords; it analyzes context to understand meaning, urgency, and intent.

That’s what makes some users uneasy.

