January 2026: Cyber Security Highlights

Posted on February 10, 2026

January 2026 highlighted the growing impact of supply chain compromise, AI governance failures, and geopolitical cyber tensions. A sophisticated breach of Notepad++ update infrastructure demonstrated how trusted software channels can be weaponised for targeted espionage, while Grok AI faced bans and regulatory scrutiny after relaxed safeguards enabled the generation of illegal content. Meanwhile, a major New Zealand healthcare provider suffered a significant data breach, DRAM shortages driven by AI demand began impacting firewall pricing, and hacktivists made headlines at a live European conference.

Together, these incidents reflect mounting pressure on organisations to strengthen resilience, governance, and incident response capabilities.

Techniques

Notepad++ Supply Chain Breach

Popular text editing and coding application Notepad++ has recently made the news following a severe breach of its hosting server, which resulted in users receiving malicious update packages that contained malware. Discovered publicly in early 2026, it is thought that state-sponsored attackers breached the hosting provider in approximately June 2025 and redirected specific targeted users to malicious update servers until the issue was remediated in December 2025.

The attackers compromised the shared hosting provider that hosted the Notepad++ public updates in a targeted campaign against the application, likely due to its widespread popularity and use. From here, they were able to redirect specific users of their choosing when those users updated their Notepad++ application, including employees of government, critical infrastructure, and private organisations, to a different update package with a hidden malicious payload. The update included the malicious backdoor, Chrysalis, which is understood to allow the extraction of data from compromised devices and enable remote code execution – a classic espionage tool. On December 9th Notepad++ released a hardened update (v8.8.8.9) which prevented the malicious redirection and included the enforcement of signature verification on future updates, indicating this was likely when the attack was discovered by the provider. Notepad++ have since publicly apologised, increased their security controls, and moved hosting providers.

This attack was sophisticated and highly targeted. While it did not compromise the Notepad++ application itself, this is the latest example of a supply chain breach where users are infected by downloading security updates from a ‘trusted source’, as is security best practice. Users of Notepad++ are advised to update to the latest version now that the breach has been contained, and run malware scans with the latest signatures to identify any instances of Chrysalis running on their systems.
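As an added example (not code from Notepad++ or from this article), the PowerShell function below shows the kind of check that update signature enforcement implies: a downloaded installer is accepted only if its Authenticode signature is valid and the signer matches a pinned certificate, so a redirect to a different download server cannot substitute a package. It assumes the installer is Authenticode-signed; the function name `Test-UpdatePackage`, the thumbprint, and the file path are placeholders.

```powershell
# Added example: accept a downloaded update only if it is validly signed by a pinned signer.
# Test-UpdatePackage is a hypothetical helper; thumbprint and path below are placeholders.
function Test-UpdatePackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$PinnedThumbprints
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Package not found: $Path"
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate

    # 'Valid' means the file is unmodified since signing and the chain is trusted.
    $statusOk = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # A valid signature from any publisher is not enough: the signer must be the pinned one.
    $signerOk = ($null -ne $signer) -and ($PinnedThumbprints -contains $signer.Thumbprint)

    [pscustomobject]@{
        Path       = $Path
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Status     = $sig.Status
        Signer     = if ($signer) { $signer.Subject } else { $null }
        Thumbprint = if ($signer) { $signer.Thumbprint } else { $null }
        Trusted    = $statusOk -and $signerOk
    }
}

# Usage (placeholder values): record the thumbprint from a known-good release obtained
# out of band, then check every installer before it is run or deployed.
$pinned = @('<PINNED-SIGNER-THUMBPRINT>')
$result = Test-UpdatePackage -Path 'C:\Temp\<installer>.exe' -PinnedThumbprints $pinned
if (-not $result.Trusted) {
    Write-Warning "Rejecting $($result.Path): status=$($result.Status), signer=$($result.Signer)"
}
```

The SHA256 value in the result gives responders a hash to search for across endpoints if a package is later found to be malicious.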

Grok AI Facing Bans and Investigations After December Update

An update to the Grok AI assistant on 24 December 2025, which has been tagged as ‘spicy mode’, has led to a cascade of bans and investigations after guardrails and moderation rules within the AI were relaxed, allowing the generation of immoral and illegal materials. Grok has already had a controversial past, with its owner Elon Musk defending the AI’s free speech and lack of moderation – notably the AI has repeatedly shared Musk’s own political views, and generated hate speech for users.

The latest update allowed users to generate deepfake nude images of real people and indecent images of minors by prompt injecting or asking for content indirectly. This included Grok ‘undressing’ people from real photos and pornographic video generation with little to no limitations on content. While other AI systems hard block content of this type from being generated and identify jailbreaking measures that may be used to try to circumvent controls, Grok appears to have few mechanisms to prevent this content from being created. Even more concerning is that users have been able to share the links to the illegal Grok-generated content, creating online portfolios of this material for others to view.

Following the public discovery of this, several countries including Malaysia, the Philippines, and Indonesia banned Grok straight away, and others such as the UK, EU, and Canada opened investigations into the app. While Musk stated that he and X take action against anyone generating illegal content on Grok, this has done little to ease the issue. It is likely that X (owner of Grok) may face fines and further penalties in due course from regulators.

We will have to watch what happens with any further bans of the platform, or what the open investigations yield – this is an emerging space that the regulators and authorities have to contend with as these powerful AI tools are now in the hands of the public, are highly accessible, and easy to use. It is up to the providers to put as many controls as possible in place and constantly evolve them to prevent this type of material from being generated and published.

Happenings

[Global] DRAM Price Surge Impacting Firewall Providers

The price of DRAM (Dynamic Random Access Memory) has surged in recent months as a global shortage continues to plague the market, with prices up between 60%-70% in the last year alone, and another price increase of 50% expected in the first quarter of 2026. This rise in price has been attributed to the increasing popularity of AI, which requires large amounts of DRAM in both the datacentres running the AI and in the GPUs (Graphics Processing Units) running the back-end calculations for training datasets and running models. With the seemingly blank-cheque approach to AI we saw in 2025 carrying on into 2026, manufacturers have focused on producing commercial grade DRAM for private sector organisations building datacentres, which has higher profit margins than consumer grade DRAM sales. This has reduced the overall production of DRAM for consumer goods and other non-AI enterprise applications.

The flow-on effect is being felt in the security industry, where providers such as Palo Alto, Fortinet, and Check Point are raising the costs of their networking equipment, almost all of which requires DRAM and other flash memory currently in short supply. While margins may be squeezed, analysts suspect that we are likely to see a steep rise in the price of firewalls once current inventory and stock are sold. With the majority of organisations already operating their cybersecurity capabilities on limited budgets, this increase may put them at increased risk, with new networking equipment being delayed or cancelled completely. Organisations should plan accordingly and expect to pay increased rates for this equipment until the DRAM and flash memory shortage is over.

[NZ] Manage My Health Data Breach Widely Impacts New Zealand

Over the New Year holiday period, New Zealand healthcare record provider Manage My Health was hacked and ransomed, with attackers demanding a reported ransom of $60k USD (~$100k NZD). Manage My Health holds a number of records for approximately 1.8 million patients in New Zealand, including medical information that patients consider private and highly sensitive.

A hacker, ‘Kazu’, reportedly took over 100GB of data comprising over 420,000 files – impacting approximately 120,000 patients who had their data in the platform. The method by which the adversary was able to breach the system has not yet been disclosed, but due to the small subset of user data compromised it is speculated that the adversary was not able to gain full access to the system. Manage My Health has faced criticism for its subsequent handling of the breach, with numerous GPs and doctors finding out about the breach from the media long after Manage My Health knew. Communication was also unclear or mixed at times, which pushed some members of the public to listen to the adversary rather than Manage My Health – a tricky position for Manage My Health to be in as they were unable to take control of the narrative during the response.

At the time of this publication, it has not been confirmed publicly if the ransom was paid, but only small samples of data from the overall set have been leaked online. The security community and wider New Zealand public are watching intently for any additional details that are released in the coming months to understand how this occurred and make sure that their own systems are airtight. This has shown the value of robust cyber incident response plans for organisations to follow when responding to cyber incidents and controlling the response narrative.

[EU] Far-Right Dating Site Hacked Live at German Conference

At the latest annual Chaos Communication Conference, a cybersecurity and hacking conference hosted in Hamburg, Germany, a hacker dressed head to toe as a pink Power Ranger who goes by the pseudonym Martha Root took to the stage for a live demonstration of an attack against a live production system – much to the delight of many of the attendees.

The target was the European white supremacist dating site WhiteDate (colloquially called ‘Tinder for Nazis’), along with other white-orientated service websites WhiteChild and WhiteDeal. Prior to the talk, Root had trained an AI bot to engage with members of the WhiteDate platform to gather as much information about each user as it could, before using a WordPress misconfiguration to visit the URL ‘/download-all-users/’ and pull the entire user list from the site. Root was able to gather information from approximately 8,000 users of the platform.

During the demonstration, Root executed a Python script to wipe the sites completely and take them offline using other WordPress vulnerabilities and misconfigurations. At present the sites are still offline and Root has stood up a new site revealing information about the users of WhiteDate. We have seen a conservative UK councillor lose her job in recent weeks after being exposed in the hack. Even in 2026, we still see hacktivism alive and thriving, especially as we enter an increasingly heated political climate.

[AUS] Australia’s Social Media Ban sees the Closing of Over 4.7 Million Accounts

The ban on social media for under 16s in Australia in late 2025 has reportedly seen the closure of over 4.7 million accounts across 10 key social media platforms, including TikTok, Snapchat, Facebook, and YouTube. The Australian government is now hailing this as a success and a shift in their desired direction, while also acknowledging that some under 16s are finding workarounds. The ban is continuing to prove controversial, with supporters saying the reduction in youth social media use helps curb social media addiction and poor online habits, while those against are worried that we are seeing a loss of community for young people and are putting young teens at risk of unsupervised or secretive online behaviour.

While countries have previously faced difficulties trying to get large tech titans to comply with national level rulings, it seems that this has been taken seriously by the key players and they are rapidly actioning Australia’s request. This comes at a time when big tech is facing continuing scrutiny over their compliance with local laws and regulations, especially since AI has expanded in the public domain.

At this point other nations are watching patiently to observe the impacts and implications of the ban, with countries such as the UK, France, and New Zealand hinting that they may follow suit.