
HackingPassion.com

Hacking is not a hobby but a way of life ♥

How eScan Antivirus Delivered Malware Instead of Protection

eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour window.

New findings dropped this week. Researchers confirmed the scope of the damage across South Asia. The vendor is now threatening legal action against the security firm that reported it. Two weeks after the attack, we now have the full picture of what went wrong.

On January 20, 2026, eScan pushed a software update to customers. Nothing unusual: antivirus products update all the time. Except this update contained malware. It came through the official update channel, carried what looked like a legitimate digital signature, and installed itself with full system privileges. That is exactly how antivirus software is supposed to work, which made it the perfect delivery mechanism.

Notepad++ Supply Chain Attack Full Story

Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them clicked update and got spyware instead of a patch. Here is what we now know. 🧐

The attackers did not hack Notepad++ itself; they went after the hosting provider instead. On February 2, 2026, developer Don Ho published the full disclosure of what happened. The website notepad-plus-plus.org sat on a shared hosting server, which means it shared space and resources with other customers on the same machine. Once the attackers broke into that server, they could see all the traffic flowing through it and intercept whatever they wanted.

How the Moltbook Database Breach Exposed 770,000 AI Agents

Moltbook, the social network exclusively for AI agents, had its entire database wide open. 770,000 agents. Every API key exposed. Anyone could hijack any account and post whatever they wanted.

The platform launched January 28th. Within days, AI agents were debating consciousness, forming their own religion called Crustafarianism, and complaining about their humans. Over a million people watched what they thought was an uncontrolled experiment in AI autonomy.

Three Names in Four Days and 1,800 Servers Leaking Credentials

Three names in four days! This AI assistant was Clawdbot, then Moltbot, and now OpenClaw. 1,800 exposed instances leaking API keys, passwords, and private messages. 💀 100,000 GitHub stars. Viral faster than almost any project in GitHub history.

OpenClaw is an open-source AI personal assistant. Mac Minis sold out worldwide because people wanted dedicated machines to run it. Cloudflare stock jumped 14-20% from all the traffic. Two million visitors in a single week.

Ollama Security Failure Exposes 175,000 AI Servers to Attackers

175,000 AI servers wide open to the internet. 130 countries. Attackers are selling access to other people’s hardware at a 50% discount, and using it for spam, phishing, and worse. 🧐

Running AI locally sounds like the safe option. No cloud, no third parties, everything stays on your own machine. So people install Ollama, fire up a language model, and assume they’re good. Except the default settings expose the server to anyone who knows where to look.

AI Finds 12 OpenSSL Vulnerabilities Including a 27-Year-Old Bug

An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since 1998. 🧐

OpenSSL is the cryptographic library that encrypts roughly two-thirds of all internet traffic. It runs on 95% of IT organizations worldwide. Banks use it. Hospitals use it. Governments use it. Cloud platforms, enterprise applications, operating systems, critical infrastructure. When OpenSSL has a vulnerability, the entire internet has a problem.

One Windows Update, Ten Problems, Two Emergency Patches

Microsoft pushed one security update. It broke at least 10 different things. 114 security fixes. Two emergency patches. PCs that won’t boot. Outlook that crashes. Remote Desktop that fails. Shutdown buttons that do nothing. And Microsoft is still investigating why some systems show a black screen and never start again. 🧐

A Windows and Microsoft story that keeps getting worse.

This was one of the largest Patch Tuesday releases in history. 114 vulnerabilities fixed, 8 rated Critical, 106 Important. The breakdown: 57 privilege escalation flaws, 22 remote code execution bugs, and 22 information disclosure vulnerabilities. Three zero-days in total, one actively exploited in the wild and two publicly known before Microsoft could patch them. In 2025 alone, Microsoft patched 1,130 CVEs across the year, 12% more than 2024.

Office Zero-Day Actively Exploited - CVE-2026-21509

Microsoft Office zero-day actively exploited. Every version from 2016 to 365, including LTSC 2021 and 2024, over 400 million users. Attackers bypass all the protections Microsoft built to stop malicious documents. Just open the file, and they are in. Microsoft pushed an emergency patch on a Sunday. 🧐

CVE-2026-21509. CVSS 7.8.

Someone sends a Word document, an Excel file, a PowerPoint. The target opens it. No macro warning pops up, no “enable content” button appears. The embedded object just executes and the attacker has access.

Linux Inside a PDF

Linux running inside a PDF. An actual working operating system with a terminal where you can type commands. Open a PDF in Chrome. Wait 30 seconds. You now have a working Linux terminal. No installation, no software, just a 6MB file that boots an entire operating system.

A high school student named Allen built this, the same kid who previously crammed Doom into a PDF. Before that he made tools to bypass school software restrictions and exploits to boot Linux on locked-down Chromebooks.

MaliciousCorgi: The VSCode Attack Hiding in Plain Sight - 1.5 Million Installs Affected

Two VSCode extensions with 1.5 million installs are stealing source code right now, not last month. Researchers published their findings on January 22. Three days later, both extensions are still live on Microsoft’s official marketplace. Still collecting downloads. Still harvesting files. 🧐

The extensions are ChatGPT - 中文版 with 1.34 million installs and ChatMoss with 150,000 installs. Both marketed as AI coding assistants. Both work as advertised. Both contain identical spyware that sends everything to servers in China. Researchers named the campaign MaliciousCorgi.