CPUID hit by network compromise
Incident
Summary
The CPUID distribution site suffered a compromise that redirected users of CPU-Z and HWMonitor to trojanized installers, creating immediate supply-chain risk for a widely used utility ecosystem. Attackers appear to have abused a secondary API to poison the official download links and deliver a HWiNFO_Monitor_Setup payload. The original signed files were not altered, but the breach lasted about six hours between April 9 and April 10, 2026. CPUID said the issue has since been fixed and clean downloads are now being served.
Related Happenings
DAEMON Tools Lite trojanized installer wave
Exploitation Wave
First: 06.05.2026 19:43
Last: 06.05.2026 19:43
Sources 1
About this happening:
Trojanized **DAEMON Tools Lite** installers backdoored **thousands of systems** in **more than 100 countries**, turning a trusted download path into a broad infection wave. The co...
AVB Disc Soft hit by network compromise
Incident
First: 05.05.2026 19:07
Last: 05.05.2026 19:07
Sources 1
About this happening:
**DAEMON Tools** suffered a **supply-chain compromise** when **official installers** were **trojanized**, enabling malicious payload delivery and raising the risk of downstream in...
Latest development: 07.05.2026 12:30
Disc Soft released the malware-free Version 12.6 of Daemon Tools Lite on May 5 after being notified of the supply chain attack, removed the affected 12.5.1 package from support, and said the incident was contained after isolating affected systems, removing compromised files from distribution, auditing the build and release pipeline, rebuilding and validating installation packages, and strengthening internal security controls and monitoring.
Linux kernel security update for Copy Fail (CVE-2026-31431)
Security Patch Release
First: 30.04.2026 16:54
Last: 30.04.2026 16:54
Sources 1
About this happening:
**Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...
STX RAT trojanized CPU-Z and HWMonitor distribution
Malware Activity
First: 12.04.2026 08:54
Last: 12.04.2026 08:54
Sources 1
How related:
"The trojanized software was distributed both as ZIP archives and as standalone installers for the aforementioned products," the Russian cybersecurity company said. "These files contain a legitimate signed executable for the corresponding product and a malicious DLL, which is named 'CRYPTBASE.dll' to leverage the DLL side-loading technique."
About this happening:
A **trojanized CPU-Z and HWMonitor distribution** pushed **STX RAT** through **DLL side-loading**, exposing downloaders to **remote access** and **infostealing** risk. The payload...
Notepad++ hit by network compromise
Incident
First: 03.02.2026 06:55
Last: 03.02.2026 06:55
Sources 1
About this happening:
The **Notepad++** hosting breach enabled attackers to hijack the software update path and selectively redirect some users to **malicious servers**, creating a **supply-chain** ris...
Latest development: 18.02.2026 09:40
Notepad++ released version 8.9.2 to harden the update mechanism after the hijacked update path was used to deliver targeted malware. The release adds a "double lock" design with verification of the signed installer downloaded from GitHub and verification of the signed XML returned by the update server at notepad-plus-plus[.]org, and it also introduces WinGUp hardening including removal of libcurl.dll, removal of CURLSSLOPT_ALLOW_BEAST and CURLSSLOPT_NO_REVOKE, and restriction of plugin management execution to programs signed with the same certificate as WinGUp.
Timeline
10.04.2026 16:12 · 2 articles
CPUID download links poisoned
Initial Disclosure
CPUID said a secondary feature, described as a side API, was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links for CPU-Z and HWMonitor downloads. The signed original files were not compromised, and the breach has since been fixed.
Sources:
- Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor — www.bleepingcomputer.com — 10.04.2026 16:12
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads — thehackernews.com — 12.04.2026 08:54