Notepad++ update attack exploited in the wild

⚡ Weekend Threat Brief

Notepad++ update attack exploited in the wild

A serious security flaw in the popular text and code editor Notepad++ was recently used by attackers to push malware through its update tool. The exploit targets the WinGUp update mechanism, letting hackers trick systems into downloading malicious files instead of legitimate updates. 

The developers have released Notepad++ version 8.8.9 to fix this issue. Users still running older versions are at risk and should update right away.

Takeaway: This issue shows how even trusted software can become a threat vector if its update systems are unsecured.

🎯 Tactical Playbook

Cyberattacks push small firms to raise prices

A new report reveals that many small businesses face a “cyber tax” after breaches. The majority (81%) of U.S. small firms surveyed said they experienced a cybersecurity breach or data breach in the past year. Financial losses ranged from $250,000 up to $1 million.

Nearly four in ten of these businesses raised their prices to cover the damage and increased cybersecurity costs. This trend shows that breaches can affect daily operations and consumer costs, not just IT teams.

Tactical tip: Small firms should invest in basic defenses (patching, backups, incident response) and consider insurance to reduce financial shock.

🛡️ Research Watch

SEC drops case against SolarWinds and its CISO

In a recent legal development covered in Security Management’s monthly Legal Report, the Securities and Exchange Commission ended its enforcement action against SolarWinds and the company’s chief information security officer. The case had drawn attention because it showed how cybersecurity incidents can lead to legal scrutiny of both organisations and their leaders. Security professionals should note how legal outcomes can shape governance, reporting, and liability policies in the future.

🧩 Tool Tip of the Week

Use SuperOps to centralize IT and security tasks

If your team uses SuperOps for remote monitoring and management, you can also integrate document management workflows into it. Many IT teams struggle with scattered files and version control. SuperOps lets you store and track key IT policies, compliance files, and patch records in one place.

🗣️ Community Signal

The multistate ISAC provides cyber underserved organizations with protections that they couldn’t otherwise afford at a price that works for them. But it’s more than just access to services. It’s access to a community of peers where your participation protects them and theirs protects yours. Sean Atkinson and Tony Sager.

Until Monday’s edition - Let’s keep that zero-day count at zero!