NVIDIA GPUs with GDDR6 memory can be used to take full control of a system, including a root shell, bypassing hardware defenses that were supposed to stop exactly this. Three independent research teams published GPU attack research at the same time. One of them goes further than anything before it. There is currently no fix for consumer GPUs. 😏

The attack is called GPUBreach, and it comes from researchers at the University of Toronto. To understand why it matters, it helps to know what Rowhammer is, because that is where this starts.

Yesterday, I posted a QR code challenge on this Ethical Hacking page, and it has since been removed. A cipher, hidden inside a QR code, with three security questions and a prize. The comments that followed gave me a good reason to write about this, because this is a topic that deserves a proper explanation.

The comments came in fast. “You should never scan a random QR code.” “This is a trap.” “You failed the first part just by scanning.” “Hackers know better than to do this.” And honestly, that reaction makes sense. You see a QR code on a hacking page, you do not know what is inside it, and being careful is right. But being careful does not mean refusing to engage. It means knowing how to approach it.

Axios, the JavaScript library with over 100 million weekly downloads, was compromised on March 31st. For roughly three hours, every fresh install of those two versions silently dropped a remote access trojan on the machine that ran it. Windows, macOS, and Linux, all targeted. The installation completed normally, nothing flagged the change, and the backdoor was already running by the time the command finished. 😏

Axios is a JavaScript HTTP client that developers use to send web requests from their applications. It ships inside frontend frameworks, backend services, mobile apps, and CI/CD pipelines, and if a company runs Node.js anywhere in their stack, Axios is almost certainly somewhere in that dependency tree. That is what made this attack so significant.

Hackers are hijacking NGINX web servers and rerouting live traffic through their own infrastructure. No malware installed, no vulnerability exploited. Just a few lines changed in a configuration file, and every visitor’s data flows through attacker-controlled servers without anyone noticing. 🧐

NGINX is the most popular web server on the planet. It powers over 5 million websites and handles roughly one in three web connections worldwide. Banks, governments, and universities all depend on it. And right now, a campaign is silently turning these servers into traffic relays.

32 years. That is how long it took Microsoft to disable NTLM, the protocol that handles Windows login authentication. A broken system linked to $10 billion in damages and some of the worst cyberattacks ever recorded. Hackers have been exploiting it since 2001. Here is the story of why it took this long.

On January 30, 2026, Microsoft announced they will finally disable NTLM by default in future Windows releases.

eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour window.

New findings dropped this week. Researchers confirmed the scope of the damage across South Asia. The vendor is now threatening legal action against the security firm that reported it. Two weeks after the attack, we now have the full picture of what went wrong.

On January 20, 2026, eScan pushed a software update to customers. Nothing unusual, antivirus products update all the time. Except this update contained malware. It came through the official update channel, carried what looked like a legitimate digital signature, and installed itself with full system privileges. That is exactly how antivirus software is supposed to work, which made it the perfect delivery mechanism.

Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them clicked update and got spyware instead of a patch. Here is what we now know. 🧐

The attackers did not hack Notepad++ itself, they went after the hosting provider instead. On February 2, 2026, developer Don Ho published the full disclosure of what happened. The website notepad-plus-plus.org sat on a shared hosting server, which means it shared space and resources with other customers on the same machine. Once the attackers broke into that server, they could see all the traffic flowing through it and intercept whatever they wanted.

How the Moltbook Database Breach Exposed 770,000 AI Agents

Moltbook, the social network exclusively for AI agents, had its entire database wide open. 770,000 agents. Every API key exposed. Anyone could hijack any account and post whatever they wanted.

The platform launched January 28th. Within days, AI agents were debating consciousness, forming their own religion called Crustafarianism, and complaining about their humans. Over a million people watched what they thought was an uncontrolled experiment in AI autonomy.

Three names in four days! This AI assistant was Clawdbot, then Moltbot, and now OpenClaw. 1,800 exposed instances leaking API keys, passwords, and private messages. 💀 100,000 GitHub stars. Viral faster than almost any project in GitHub history.

OpenClaw is an open-source AI personal assistant. Mac Minis sold out worldwide because people wanted dedicated machines to run it. Cloudflare stock jumped 14-20% from all the traffic. Two million visitors in a single week.

175,000 AI servers wide open to the internet. 130 countries. Attackers are selling access to other people’s hardware at a 50% discount, and using it for spam, phishing, and worse. 🧐

Running AI locally sounds like the safe option. No cloud, no third parties, everything stays on your own machine. So people install Ollama, fire up a language model, and assume they’re good. Except the default settings expose the server to anyone who knows where to look.