SANS NewsBites

Summary

SANS NewsBites is a highly regarded, semiweekly email newsletter providing executive-level summaries of critical cybersecurity news, breaches, and threats. Curated by the SANS Institute, it offers expert-annotated analysis on why major stories matter, helping security professionals stay informed efficiently. 
Key Features of SANS NewsBites:

  • Frequency: Published twice weekly, typically Tuesdays and Fridays.
  • Content: Concise, high-impact summaries of the week’s most important cyber security news, including vulnerability reports, major data breaches, and regulatory changes.
  • Expert Commentary: Each article includes expert context from the SANS community, providing deeper insight into the implications of the news.
  • Target Audience: Security professionals, executives, and IT professionals needing quick, actionable threat intelligence.
  • Credibility: Produced by the SANS Institute, a globally recognized leader in cybersecurity research and training. 

It is widely considered a top, trusted, and must-read cybersecurity resource. 

News

Don Ho, maintainer of the open-source text and code editing program Notepad++, announced on February 2, 2026, that a state-sponsored threat actor had compromised the software’s update supply chain for almost six months. “The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself.” Investigation by the hosting provider suggests that the threat actor began hijacking update traffic in targeted attacks in June 2025, and the third-party shared hosting server remained compromised until a kernel and firmware update on September 2. Attacks continued until November 10, as the attackers still held credentials to internal services until December 2. Ho first disclosed updater traffic being redirected to malicious servers on December 9, adding that in Notepad++ v8.8.9, the application and updater “have been hardened to verify the signature & certificate of downloaded installers during the update process.” Notepad++ facilitated communication between the hosting provider and an incident response (IR) team to implement an IR plan proposed by a consulting cybersecurity expert. Ho recommends manually downloading and installing v8.9.1, also noting that “the Notepad++ website has been migrated to a new hosting provider with significantly stronger security practices. Within Notepad++ itself, WinGup (the updater) was enhanced in v8.8.9 to verify both the certificate and the signature of the downloaded installer. Additionally, the XML returned by the update server is now signed (XMLDSig), and the certificate & signature verification will be enforced starting with upcoming v8.9.2.”

Discuss

Here is where members can discuss, give feedback, and present their ideas within the “SANS NewsBites” post. OnAir membership is required to participate.

The lead moderator for the discussions is Zeinab Shariff. We enforce civil, honest, and respectful discourse across our network of hubs. For more information on commenting and giving feedback, see our Community Guidelines.
