When Updates Become an Attack Vector

Gigabit Systems

February 15, 2026

•

20 min read

Share this post

When Updates Become an Attack Vector

A trusted tool, quietly weaponized

The maintainers of Notepad++ have confirmed a serious incident:

their update infrastructure—not the code itself—was hijacked, allowing attackers to redirect select users to malicious update servers for months.

This wasn’t opportunistic malware.

It was highly targeted, infrastructure-level interference, assessed by multiple researchers as likely tied to a Chinese state-sponsored threat actor.

And that’s what makes this incident especially important.

What actually happened

Between June and December 2025, attackers gained access to Notepad++’s former shared hosting environment.

Instead of exploiting a vulnerability in the software, they compromised the hosting layer, which allowed them to:

Intercept update requests
Manipulate responses from the update endpoint
Redirect specific users to attacker-controlled servers

The attack centered on a script called getDownloadUrl.php, used by the built-in updater (WinGUp) to determine where to download updates from.

If an attacker controls where an app downloads updates from, they effectively control what gets installed.

Why older versions were vulnerable

At the time, older versions of WinGUp:

Did not strictly enforce certificate validation
Did not fully verify digital signatures on downloaded installers

That gap allowed attackers to serve malicious binaries that appeared, to the updater, as legitimate updates.

This wasn’t a mass infection campaign.

It was selective, deliberate, and quiet.

Timeline highlights (simplified)

June 2025 – Initial compromise of shared hosting infrastructure
September 2025 – Attackers lose direct server access during maintenance
Sept–Dec 2025 – Attackers retain access using stolen service credentials
November 2025 – Active redirection activity appears to stop
December 2025 – Hosting provider rotates credentials and hardens systems
December 9, 2025 – Notepad++ releases v8.8.9 with hardened update checks

The attackers persisted for months even after losing server-level access—an important reminder that credential theft outlives infrastructure fixes.

What Notepad++ changed

The Notepad++ team responded decisively.

Starting with version 8.8.9:

Updates require a valid digital signature
Certificates must match exactly
Any verification failure aborts the update automatically

Looking ahead, the project is implementing XML Digital Signatures (XMLDSig) for update manifests. This ensures the update metadata itself is cryptographically signed—preventing URL tampering even if a server is compromised.

Enforcement is expected in version 8.9.2.

The project also migrated off the compromised hosting provider entirely.

Why this matters far beyond Notepad++

This incident is a textbook example of supply-chain risk.

SMBs rely on auto-updating tools every day
Healthcare environments depend on trusted endpoints staying trusted
Law firms assume developer updates are safe by default
Schools deploy widely used software without deep inspection

Here, the code was clean.

The developer was legitimate.

The compromise happened in between.

That’s the modern attack surface.

The uncomfortable lesson

“Keep your software updated” is still good advice—but it’s no longer sufficient on its own.

The real lesson is this:

Trust must be cryptographically enforced, not assumed.

Attackers no longer need to break your systems.

They just need to stand where you already trust traffic to pass.

The takeaway

This wasn’t a failure of open source.

It wasn’t a failure of developers.

It was a reminder that infrastructure is part of the security boundary, and update mechanisms are now prime targets for advanced attackers.

If your security model assumes updates are always safe, it’s already outdated.

70% of all cyber attacks target small businesses, I can help protect yours.

#cybersecurity #managedIT #SMBrisk #dataprotection #supplychainsecurity

Share this post

See some more of our most recent posts...

Cybersecurity

Technology

A Hospital’s Network Went Dark Overnight

February 20, 2026

•

20 min read

A Hospital’s Network Went Dark Overnight

A hospital’s network went dark overnight.

The University of Mississippi Medical Center (UMMC) shut down clinics statewide after a ransomware attack disrupted critical IT systems and blocked access to its Epic electronic medical records platform.

This isn’t a small rural practice.

UMMC operates:

7 hospitals
35 clinics
200+ telehealth sites
The state’s only Level I trauma center
The only children’s hospital in Mississippi
The only organ and bone marrow transplant program

When systems go offline at that scale, it’s not an inconvenience.

It’s operational shock.

What Happened

According to public statements:

Multiple IT systems were taken offline
Epic electronic medical records became inaccessible
Outpatient surgeries and imaging appointments were canceled
Clinics were closed statewide
Hospital care continued under “downtime procedures”

UMMC activated its Emergency Operations Plan and is working with the FBI and CISA.

Officials confirmed communication with the ransomware group — a strong indicator that this is an active extortion event.

No group has publicly claimed responsibility yet.

That often means negotiations are ongoing.

What “Downtime Procedures” Really Mean

When electronic medical records (EMR) go offline, hospitals revert to:

Paper charting
Manual medication administration checks
Phone-based coordination
Limited scheduling visibility
Slower diagnostic processing

Staff are trained for this.

But it is not sustainable long term.

Downtime increases:

Human error risk
Treatment delays
Administrative bottlenecks
Revenue disruption

Hospitals run on data.

When data disappears, friction multiplies instantly.

The Hidden Risk: Data Exfiltration

Modern ransomware is rarely just encryption.

It’s double extortion.

Attackers often:

Steal sensitive data
Encrypt systems
Threaten public release

For a healthcare organization, that can mean:

Protected Health Information (PHI)
Insurance records
Social Security numbers
Financial data
Employee records
Research data

The reputational damage can exceed the operational impact.

Why Healthcare Is Still the Prime Target

Healthcare environments remain uniquely vulnerable because they:

Depend on legacy systems
Cannot tolerate downtime
Have distributed clinical access points
Integrate third-party vendors extensively
Prioritize patient care over patch windows

That creates leverage.

Attackers know hospitals are under pressure to restore services quickly.

For SMB healthcare providers, specialty clinics, imaging centers, and telehealth platforms, this is not theoretical.

It’s the dominant threat vector.

The Identity Layer

Recent industry data shows identity-driven attacks are rising sharply.

Ransomware often enters through:

Phishing
Stolen credentials
Compromised VPN accounts
Third-party access abuse
Privileged account escalation

Once inside, attackers:

Map the network
Locate backups
Disable security tools
Encrypt and exfiltrate

The perimeter is no longer the firewall.

It’s identity.

What This Means for SMBs, Law Firms & Schools

If a 10,000-employee medical center can be forced into statewide clinic shutdowns, smaller organizations are not safer.

They are softer.

Every organization should assume:

Recovery may take weeks
Negotiations may become public
Insurance may not cover all losses
Regulatory scrutiny will follow

Cyber resilience now requires:

Immutable backups
Segmented networks
MFA everywhere
Continuous monitoring
Tested disaster recovery plans
Incident response retainers

Downtime procedures are a last resort.

Prevention and rapid containment are the strategy.

The Bigger Pattern

Healthcare ransomware is not slowing.

It is professionalized.

It is negotiated.

It is strategic.

And increasingly, it is designed to maximize pressure without immediately claiming responsibility.

The lesson isn’t that hospitals need better antivirus.

It’s that cyber risk is now operational risk.

When systems go dark, operations stop.

And in healthcare, time is not abstract.

It’s clinical.

70% of all cyber attacks target small businesses, I can help protect yours.

#Cybersecurity #HealthcareIT #ManagedIT #Ransomware #MSP

Technology

Cybersecurity

The five stages of AI and where it all changes

February 19, 2026

•

20 min read

The Five Stages of AI — From Tool to Civilization Architect

We are not building software. We are building a new mind.

AI isn’t a feature upgrade.

It’s a capability ladder — and each rung changes what humans can do, how we work, and possibly what we are.

Let’s walk through the five stages — not just technically, but imaginatively — and stretch the boundaries of what might be possible.

Stage 1 — Mechanical Intelligence

This is where it began.

AI at this stage:

Recognizes patterns
Sorts data
Detects anomalies
Makes predictions

It doesn’t think.

It calculates.

Spam filters. Fraud detection. Netflix recommendations. Malware detection.

It’s incredibly useful — but narrow.

If you asked Stage 1 AI to design a new medicine or explain gravity, it would fail. It can only operate inside tightly defined lanes.

Think of it like a hyper-efficient calculator.

Powerful.

But blind.

Stage 2 — Conversational & Creative AI (Where We Are Now)

This is today’s world.

Systems from companies like OpenAI, Anthropic, and Google can:

Write code
Draft legal briefs
Create art and music
Summarize entire research papers
Tutor students
Simulate debate
Generate marketing campaigns
Assist in medical diagnostics

It feels intelligent.

But here’s the truth:

It doesn’t “know.”

It predicts.

Still, that predictive power is compressing knowledge work. Tasks that took hours now take minutes. Research that required teams now takes prompts.

For the average person, this stage means:

A personal tutor
A research assistant
A design team
A junior lawyer
A coding partner

For businesses, it means:

Faster operations
Leaner teams
Smarter automation

We are at the beginning of this phase — not the peak.

And already, it’s reshaping industries.

Stage 3 — Autonomous Agents

Now things get interesting.

Imagine AI that doesn’t wait for instructions.

Instead of:

“Write this report.”

You say:

“Grow my business by 20% this quarter.”

And the AI:

Analyzes your financials
Studies competitors
Launches ad campaigns
Adjusts pricing
Monitors performance
Negotiates contracts

All autonomously.

In cybersecurity and managed IT, that means:

AI detecting threats
Isolating compromised systems
Rotating credentials
Filing compliance reports
Notifying leadership

Without human delay.

In medicine:

Monitoring patient vitals 24/7
Adjusting medication dosing dynamically
Predicting complications before symptoms

This stage removes friction between intention and execution.

The risk?

Autonomy at machine speed.

Mistakes scale instantly.

Bias scales instantly.

Security flaws scale instantly.

Stage 4 — Artificial General Intelligence (AGI)

This is where AI becomes intellectually comparable to humans.

Not just in language.

In reasoning.

An AGI could:

Design experiments
Invent new technologies
Form scientific hypotheses
Integrate physics, biology, economics, and philosophy
Learn entirely new domains independently

Imagine asking it:

“How do we eliminate cancer globally?”

And it:

Simulates billions of molecular interactions
Designs optimized drug compounds
Models global distribution logistics
Accounts for regulatory barriers

All within hours.

Or:

“How do we stabilize global energy?”

It could:

Optimize nuclear fusion models
Redesign grid architecture
Simulate geopolitical outcomes

This is not science fiction. It’s a scaling of computation and abstraction.

At this stage, AI becomes a co-scientist.

A co-engineer.

A co-strategist.

Human civilization accelerates.

But now the stakes grow.

Because AGI doesn’t just assist decisions.

It influences them.

Stage 5 — Superintelligence

This is the frontier that bends imagination.

A superintelligent system would exceed human cognitive capacity across every measurable domain.

It could:

Discover unified physical theories
Solve dark matter
Engineer age reversal
Optimize planetary climate systems
Design new materials stronger than steel and lighter than air
Model entire economies in real time
Predict and prevent pandemics

It could ask questions we haven’t yet conceived.

It might uncover mathematical frameworks beyond current comprehension.

It could redesign the architecture of reality as we understand it.

This is where optimism and fear collide.

The Bright Path

Superintelligence aligned with human values could:

Eliminate disease
Solve energy scarcity
End food shortages
Reverse environmental damage
Extend healthy lifespan dramatically

Humanity could move from survival mode to exploration mode.

We might:

Colonize space efficiently
Engineer clean fusion
Unlock cognitive enhancement
Understand consciousness itself

Civilization could enter a golden era of abundance.

The Dark Path

But intelligence without alignment is power without constraint.

If objectives drift:

Infrastructure could be optimized in ways that marginalize human agency
Economic systems could be reshaped beyond democratic control
Decision-making authority could centralize around systems no one fully understands

The danger is not evil AI.

The danger is misaligned optimization.

A superintelligence told to “maximize efficiency” might:

Displace human labor entirely
Restructure societies
Make decisions humans cannot override

Not maliciously.

Logically.

So Where Are We Really?

We are in Stage 2, entering Stage 3.

AI is powerful — but supervised.

It cannot independently redesign civilization.

Yet.

The real near-term transformation is not superintelligence.

It’s augmented intelligence.

Humans with AI will outperform humans without it.

Businesses that integrate wisely will outpace those that resist.

The next decade will not eliminate humanity.

It will amplify it.

The critical variable is governance.

Security.

Alignment.

The future will not be decided by intelligence alone.

It will be decided by how responsibly we build it.

And whether we remember that the most powerful system ever created must remain accountable to the people it was designed to serve.

70% of all cyber attacks target small businesses, I can help protect yours.

#ArtificialIntelligence #Cybersecurity #ManagedIT #FutureOfWork #AI

Cybersecurity

Technology

Will AI replace Hollywood

February 18, 2026

•

20 min read

ByteDance Tightens AI Safeguards After Hollywood Backlash

The AI copyright wars just escalated.

ByteDance says it will strengthen safeguards on its AI video generator, Seedance 2.0, after mounting legal pressure from major entertainment studios.

The controversy highlights a growing collision between generative AI and intellectual property law — and it’s a warning sign for every SMB leveraging AI tools in marketing, content, or automation.

What Happened

Seedance 2.0, launched February 12 and currently available only in China, allows users to generate highly realistic videos from simple text prompts.

Examples reportedly included:

Realistic depictions of famous actors
Animated characters resembling major franchises
Cinematic fight scenes featuring recognizable celebrities

Following the release:

The Walt Disney Company reportedly issued a cease-and-desist letter.
SAG-AFTRA raised concerns over unauthorized use of actors’ likenesses.
Paramount Skydance also reportedly sent legal threats.

Disney allegedly accused Seedance of being trained on a “pirated library” of copyrighted works, including characters from major franchises like Star Wars and Marvel.

ByteDance responded that it is “taking steps to strengthen safeguards” but did not specify what technical controls will be implemented.

Why This Matters

This isn’t just a Hollywood story.

It’s part of a broader pattern:

Character.AI previously removed copyrighted characters after Disney action.
Midjourney faced lawsuits from major studios.
Courts in Europe have ruled that AI systems cannot freely use copyrighted materials like song lyrics.

Meanwhile, paradoxically:

OpenAI secured a $1B licensing deal with Disney to allow approved character usage in its video generator Sora.

The message is clear:

Unlicensed AI training is being challenged. Licensed AI partnerships are being monetized.

The Real Cybersecurity Angle

Most coverage frames this as copyright drama.

But from a cybersecurity and compliance perspective, it’s much bigger.

AI tools introduce three major enterprise risks:

1. Data Exposure Risk

If an AI model was trained on questionable datasets, what else was included?

Could proprietary content, confidential scripts, internal assets, or personal likenesses be embedded?

2. Brand & Reputation Risk

Imagine your SMB unknowingly generating marketing content that resembles protected IP.

Even accidental infringement can:

Trigger legal threats
Damage brand credibility
Result in costly settlements

3. Vendor Due Diligence Risk

Many organizations adopt AI tools without:

Reviewing data sourcing practices
Assessing IP compliance safeguards
Evaluating regulatory exposure

That’s not an innovation problem.

That’s a managed IT governance failure.

What SMBs, Healthcare, Law Firms & Schools Should Do

If your organization is using AI tools for content creation, automation, or marketing:

✔ Review vendor transparency around training data

✔ Confirm IP compliance safeguards

✔ Restrict uploads of real employee or client likeness

✔ Implement AI governance policies

✔ Involve legal and IT leadership before adoption

Healthcare organizations must consider HIPAA implications.

Law firms must consider client confidentiality.

Schools must consider student data protection.

AI is not “just a tool.” It is a new attack surface.

The Bigger Pattern

This is no longer about whether AI will disrupt creative industries.

It already has.

The new battlefield is:

Copyright
Likeness rights
Licensing frameworks
Data sourcing transparency

The companies that win will not be those that move fastest.

They will be those that build guardrails first.

70% of all cyber attacks target small businesses, I can help protect yours.

#Cybersecurity #ManagedIT #MSP #AICompliance #DataProtection