Security news weekly round-up - 6th February 2026
Source: Dev.to
eScan Antivirus Delivers Malware in Supply Chain Attack
Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi‑stage malware to enterprise and consumer endpoints globally.
- A malicious
Reload.exefile was delivered, kicking off a multi‑stage infection chain. - The file modified the HOSTS file to block automatic updates, established persistence through scheduled tasks, and downloaded additional payloads.
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider
The attack targeted specific users rather than the entire Notepad++ user base.
- Infrastructure‑level compromise allowed malicious actors to intercept and redirect update traffic destined for
notepad-plus-plus.org. - The compromise occurred at the hosting‑provider level, not through vulnerabilities in the Notepad++ code itself.
- Targeted users were redirected to attacker‑controlled servers serving malicious update manifests.
Researchers Expose Network of 150 Cloned Law Firm Websites in AI‑Powered Scam Campaign
Key takeaway: be vigilant for websites impersonating your brand and act quickly to takedown them.
- The cloned sites aim to re‑victimize individuals who have already fallen for fraud.
- They present a fake legal service promising to recover money lost to prior scams, explicitly stating that no payment is required before the “recovery” occurs.
EU Says TikTok Faces Large Fine Over “Addictive Design”
The European Commission is targeting platforms that encourage excessive screen time.
“Social media addiction can have detrimental effects on the developing minds of children and teens,” said EU tech commissioner Henna Virkkunen.
“The Digital Services Act makes platforms responsible for the effects they can have on their users. In Europe, we enforce our legislation to protect our children and our citizens online.”
Cover photo by Debby Hudson on Unsplash.