Top stories.
- Poland's energy infrastructure lacked basic security measures, CERT Polska says.
- Suspected Chinese hackers hijacked Notepad++ update traffic.
- Former Google engineer convicted of stealing AI trade secrets for China.
Poland's energy infrastructure lacked basic security measures, CERT Polska says.
Poland’s Computer Emergency Response Team (CERT Polska) has published a report on a Russian cyberattack that targeted the country's energy infrastructure in December, noting that the compromised systems had extremely poor security measures. The attack compromised wind and solar farms and a heat-and-power plant, though the incident did not result in power disruptions. CERT Polska says the compromised entities demonstrated various security failings, including the use of default usernames and passwords, unpatched perimeter devices, and a lack of multifactor authentication.
TechCrunch notes that researchers at ESET and Dragos have attributed the attack to the Russian GRU threat actor Sandworm, but CERT Polska ties the activity to a separate Russian group tracked as "Berserk Bear" or "Dragonfly." CERT Polska notes, "Public reports of this actor’s activities indicate significant interest in the energy sector and the ability to attack industrial devices, which aligns with the actions observed during the incident. However, this is the first publicly described destructive activity attributed to this cluster."
Suspected Chinese hackers hijacked Notepad++ update traffic.
The text and source code editor Notepad++ has disclosed that a suspected Chinese state-sponsored threat actor hijacked the editor's update mechanism after compromising its shared hosting provider. The attack "involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org." The compromise lasted from June to December 2025. Notepad++ has since moved to a new hosting provider.
Security researcher Kevin Beaumont published a blog post on the activity in December, noting that "highly targeted" attacks compromised "telcos and financial services with interests aligned to China." Beaumont praised Notepad++'s developer for taking the issue seriously.
Former Google engineer convicted of stealing AI trade secrets for China.
A federal jury in San Francisco has convicted former Google software engineer Linwei Ding of stealing AI-related trade secrets for the benefit of the Chinese government. The US Justice Department said in an announcement, "The trade secrets contained detailed information about the architecture and functionality of Google’s custom Tensor Processing Unit chips and systems and Google’s Graphics Processing Unit systems, the software that allows the chips to communicate and execute tasks, and the software that orchestrates thousands of chips into a supercomputer capable of training and executing cutting-edge AI workloads. The trade secrets also pertained to Google’s custom-designed SmartNIC, a type of network interface card used to facilitate high-speed communication within Google’s AI supercomputers and cloud networking products."
Ding was found guilty on seven counts of economic espionage and seven counts of theft of trade secrets, and faces many decades in prison if given the maximum sentence.