Just one day after ending "The Late Show" on CBS, Stephen Colbert returned to TV — to host a public access show with rocker Jack White in Monroe, Michigan.
Appearances by Jeff Daniels, Eminem and Steve Buscemi.
Really enjoyed this interview by @elijahwoodward9 with @bunsofwrath12 on Team Cymru’s “Future of Threat Intelligence”
A lot of good DFIR points in there that often get ignored in enterprise envs:
- why default Win event log sizes are a forensic disaster
- why Sysmon deployments are often stale or incomplete
- the forensic value of Volume Shadow Copies and the $J USN Journal
- why EDR alone is not enough
- how true positives get buried in alert fatigue
- using AI as a force multiplier for parsing logs and writing one-off tooling, while still not treating it as forensic ground truth
Also liked the practical angle throughout the whole discussion. Felt very experience-driven, not theoretical.
Worth watching
https://t.co/SfgqjbR9Eu
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised.
We recommend that Google Workspace Administrators check for usage of this app immediately. https://t.co/MNxfGOcch9
We dug into this more: The blast radius is larger than it looks. Axios only needed to be resolved somewhere in the dependency graph during the window (e.g. via CLI tools, npx installs, CI jobs, etc). In some cases, you can check now and see nothing, even if it ran. 🫥
https://t.co/5qHxUgHRJp
Best practices for securing Microsoft Intune
In view of the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment, Microsoft has newly released the following guidance:
https://t.co/g1ZNgS4Bfm
#Cybersecurity #MicrosoftIntune #Hardening
Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs
- update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe
- file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll
- network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114
by @rapid7
https://t.co/rrespJ9Ju0
For convenience: I wrote a small collector that pulls all SHA-256, SHA-1 and MD5 hashes from Notepad++ releases and compiles them into big CSV + JSON files
Use it to check if any Notepad++ installs in your org match known-good release hashes - and spot weird/malicious outliers
https://t.co/W2pYbfYemz
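Added example, not the collector from the post above: a minimal Python check of the kind it describes, hashing Notepad++ binaries found under a directory and comparing their SHA-256 against a known-good release CSV. The CSV layout (version,filename,sha256,sha1,md5), the version string and the file contents are constructed for the demo.

```python
import csv
import hashlib
import io
import os
import tempfile

def file_hashes(path, chunk=1 << 20):
    """Stream a file once and return {algo: hexdigest} for sha256, sha1 and md5."""
    hashers = {a: hashlib.new(a) for a in ("sha256", "sha1", "md5")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def load_known_good(csv_text):
    """Index a 'version,filename,sha256,sha1,md5' CSV (constructed layout) by SHA-256."""
    return {row["sha256"].lower(): (row["version"], row["filename"])
            for row in csv.DictReader(io.StringIO(csv_text))}

def audit_installs(root, known_good, names=("notepad++.exe", "gup.exe")):
    """Hash every Notepad++ binary under root; return (matched, outliers)."""
    matched, outliers = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() not in names:
                continue
            path = os.path.join(dirpath, name)
            sha256 = file_hashes(path)["sha256"]
            if sha256 in known_good:
                matched.append((path, known_good[sha256]))
            else:
                outliers.append((path, sha256))  # unknown build: investigate
    return matched, outliers

def demo():
    """Constructed demo: a fake release list plus one good and one tampered install."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "host-a", "notepad++.exe")
        bad = os.path.join(root, "host-b", "GUP.exe")
        for p, data in ((good, b"constructed notepad++ bytes"),
                        (bad, b"constructed tampered updater bytes")):
            os.makedirs(os.path.dirname(p))
            with open(p, "wb") as fh:
                fh.write(data)
        h = file_hashes(good)
        csv_text = ("version,filename,sha256,sha1,md5\n"
                    f"8.x-demo,notepad++.exe,{h['sha256']},{h['sha1']},{h['md5']}\n")
        matched, outliers = audit_installs(root, load_known_good(csv_text))
        return [m[1] for m in matched], [os.path.basename(o[0]) for o in outliers]
```

Match on SHA-256 rather than MD5 or SHA-1 wherever the release list provides it; an outlier is a file to pull for analysis, not automatically a compromise.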
My annual MRI scan gives me a USB stick with the data, but you need this commercial Windows software to open it.
Ran Claude on the stick and asked it to make me an HTML-based viewer tool. This looks... way better.