ZeroFox Weekly Intelligence Brief – February 7, 2026

by Alpha Team

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on February 5, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Notepad++ Hijacked by Suspected Chinese Threat Actors

What we know:

  • The developer of open-source code editor Notepad++ has confirmed that its update infrastructure was compromised by a suspected Chinese state-sponsored threat actor group.
  • Researchers have attributed the breach to China-linked threat group Lotus Blossom.
  • The developer claimed that the issue has been addressed in the December 2025 security patch with the release of version 8.8.9.
  • Since the breach, Notepad++ has been migrated to a new hosting provider for better security measures.

Fintech Firm Loses USD 40 Million After Exec Devices Hacked

What we know:

  • Step Finance, a decentralized finance (DeFi) platform and analytics tool, has reportedly lost USD 40 million worth of crypto assets after sophisticated threat actors compromised devices belonging to the company's team of executives.

Italy Stops Russia-Attributed Cyberattacks on High-Profile Targets

What we know:

  • Italy said it has thwarted alleged Russian-origin cyberattacks targeting its foreign ministry facilities, including its Washington embassy and Olympics-related websites and hotels.

Tags: tlp:green