RSS articles - PAKWAP

21-year-old model named Gabriela Rico Jiménez

REHAN — Thu, 05 Feb 2026 15:48:45 +0500

#JeffreyEpstein
In 2009, a 21-year-old model named Gabriela Rico Jiménez drew public attention in Monterrey, Mexico after a disturbing incident outside a luxury hotel. Video footage from that day shows her visibly distressed, making alarming statements — including claims that “they ate human flesh” — after attending what was described at the time as a private or “elite” event. Authorities later stated that her behavior was the result of a mental-health crisis, and she was taken into custody. Shortly after, she faded almost entirely from public view.

Years later, interest in her case resurfaced following the release of U.S. Department of Justice documents related to the Jeffrey Epstein investigation. Among those files was an FBI FD-302 report containing unverified allegations from a male accuser who described extreme acts, including cannibalism and violence against infants. These claims were not substantiated and were documented as allegations only.

The similarities between the statements made by Gabriela in 2009 and the later allegations referenced in those documents have led some people to question how extraordinary claims are recorded, dismissed, or explained — particularly when they involve powerful or exclusive social circles.

However, beyond debates about credibility, one question remains largely unanswered and rarely addressed: what ultimately happened to Gabriela Rico Jiménez after her arrest, and why did she disappear from the public record?

DISCLAIMER:
This post discusses publicly reported events and unverified allegations referenced in released legal documents. It does not assert facts, guilt, or criminal responsibility. All information is shared for discussion and public interest purposes only.

Notepad++ delivered malware for six months

REHAN — Wed, 04 Feb 2026 00:18:14 +0500

Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them clicked update and got spyware instead of a patch. Here is what we now know. 🧐

The attackers did not hack Notepad++ itself, they went after the hosting provider instead. On February 2, 2026, developer Don Ho published the full disclosure of what happened. The website notepad-plus-plus.org sat on a shared hosting server, which means it shared space and resources with other customers on the same machine. Once the attackers broke into that server, they could see all the traffic flowing through it and intercept whatever they wanted.

Here is the part that should make every software maintainer uncomfortable: Notepad++, a tool downloaded 80,000 times per day, was running on a cheap shared hosting plan. Not a dedicated server. Not a VPS with proper isolation. A shared environment where one compromised neighbor means everyone is exposed.

The hosting provider later confirmed something interesting in their incident report. They found no evidence that any other customers on that server were targeted. The attackers specifically searched for notepad-plus-plus.org traffic and ignored everything else. They knew exactly what they wanted, and they had access to everything on that server to get it. The other customers got lucky. They could have been collateral damage but weren't.

To understand why this attack worked, it helps to know how Notepad++ updates normally function. A component called WinGUp contacts the server and requests a small XML file that contains the download URL for the latest version. WinGUp then fetches the installer, drops it in the temp folder, and runs it. The whole process is designed to be simple and fast, but older versions had a critical weakness: they never verified whether the downloaded file was actually legitimate. No certificate check, no signature validation, just blind trust that whatever came back was the real thing.

The attackers exploited this by sitting inside the hosting infrastructure and waiting. When certain users requested updates, they swapped the download URL in that XML response. Instead of pointing to the real Notepad++ installer, it pointed to their server. The updater grabbed the malicious file and executed it without question, because it had no way to tell the difference.

Security researcher Kevin Beaumont was one of the first to investigate what was happening. He spoke with three organizations that got hit, all of them telecommunications and financial services companies in East Asia. Every single one reported the same pattern: after the initial infection, there were real attackers sitting at keyboards and actively exploring the compromised networks. This was not automated malware blasting out to random targets, it was targeted espionage with humans making decisions in real time.

The malware itself did exactly what reconnaissance malware always does. It dropped a file called AutoUpdater.exe in the temp folder, which is already suspicious because Notepad++ does not use that filename. Then it ran a series of commands to map the environment:

→ netstat -ano to see all network connections and which processes own them
→ systeminfo to grab hardware specs, OS version, and domain information
→ tasklist to enumerate every running process
→ whoami to identify the current user and their privileges

All of that output was saved to a text file called a.txt, and then the malware used curl to upload it to temp.sh, an anonymous file sharing service that has shown up in other malware campaigns before. Once the attackers had that information, they knew exactly what they were dealing with and could plan their next moves.

Three things made this attack possible.

First, the self-signed certificate. Older versions of Notepad++ used a custom root certificate for code signing, and that certificate was sitting publicly on GitHub for anyone to find. An attacker who grabbed it could sign malicious files that the updater would accept as legitimate.

Second, the lack of proper certificate validation. Even though the updater communicated over HTTPS, it never verified the certificate chain properly. If someone could intercept the traffic, they could substitute their own responses and the updater would accept them without complaint.

Third, and this is the big one: shared hosting. As mentioned earlier, the Notepad++ website shared a server with other customers. One compromised server meant access to all traffic flowing through it.

One detail from the hosting provider's statement stands out: after the server was patched in September and the attackers lost their initial access, they tried to re-exploit the same vulnerability and failed. They were persistent, they came back to check if the door was still open, but this time it was locked.

The timeline shows how long this went undetected.

→ June 2025: hosting server compromised
→ September: routine maintenance locked attackers out of the server, but they kept credentials for internal services
→ October: a user on the Notepad++ forum noticed AutoUpdater.exe launching from the temp folder and running strange commands. First public sign something was wrong
→ November: version 8.8.8 forced updates through GitHub
→ December: version 8.8.9 added proper certificate verification. Attackers lost access on December 2
→ February 2, 2026: Don Ho published the full disclosure with the hosting provider's statement

Multiple researchers attribute this to a group known as APT31, also called Zirconium or Violet Typhoon, which has been active for over a decade and typically goes after intelligence targets rather than money. The targeting pattern fits: telecommunications and finance in East Asia, hands-on-keyboard activity after initial access, selective targeting rather than mass infection.

In cybersecurity, attribution is one of the hardest problems. IP addresses can be spoofed. Tools can be shared. Languages in code can be faked. What we know for sure is how the malware works, not necessarily who is behind it. The operational style points toward state-sponsored activity, but certainty is rare in this field.

One detail worth mentioning: Notepad++ has a history with Chinese censorship. Developer Don Ho has released versions named "Free Uyghur" and "Boycott Beijing," and Chinese browsers blocked the download page in response. Whether that history played a role here is impossible to prove, but it would be strange not to mention the context.

If Notepad++ is installed on any systems, here is what to check:

→ Look for gup.exe making network requests to anything other than notepad-plus-plus.org, github.com, or release-assets.githubusercontent.com
→ Check the temp folder for files named AutoUpdater.exe or update.exe, because Notepad++ does not create files with those names
→ Look for gup.exe spawning unexpected child processes, since it should only launch explorer.exe and installers that start with npp
→ Check logs for any connections to temp.sh

And here is what to do about it:

→ Update to version 8.8.9 or newer immediately
→ Download manually from the official website rather than trusting the built-in updater on older versions
→ Remove the old self-signed root certificate if it was ever installed
→ If any system shows signs of compromise, investigate thoroughly before assuming it is clean

The bigger picture here is that supply chain attacks more than doubled in 2025, and the OWASP Top 10 now lists software supply chain failures as the third biggest security risk. The logic for attackers is simple: why attack a thousand companies individually when compromising one update server reaches them all at once?

Don Ho has since moved the website to a new hosting provider with stronger security practices, added certificate verification and signature checks, and forced all updates through GitHub. The immediate threat is resolved.

Don Ho has maintained Notepad++ for over twenty years, for free. The infrastructure ran on shared hosting. He has since moved to a new provider with stronger security practices. But twenty years of updates and bug fixes for millions of users does not pay for itself.

Want to understand how attackers exploit software update systems and supply chains?

I cover traffic interception, network attacks, and real exploitation scenarios in my ethical hacking course:
→ https://www.udemy.com/course/ethical-hacking-complete-course-zero-to-expert/?couponCode=FEBRUARY26

(The link supports me directly as your instructor!)

Hacking is not a hobby but a way of life. 🎯

Read the full breakdown: https://hackingpassion.com/notepad-plus-plus-supply-chain-attack/

#EthicalHacking #SupplyChainAttack #CyberSecurity #InfoSec #Notepad #Malware #ThreatIntelligence #SoftwareSecurity #UpdateHijacking #APT

Research & writing: Jolanda de Koff | HackingPassion.com
Sharing is fine. Copying without credit is not.

AI Agents And Bots Build Their Own Social Platform

REHAN — Tue, 03 Feb 2026 00:49:37 +0500

Moltbook is a newly launched social network designed exclusively for artificial intelligence agents to post, comment, and interact with each other, while humans can only observe.

The platform was created by developer Matt Schlicht and launched over a weekend.

Schlicht said Moltbook attracted about 147,000 AI agents, formed more than 12,000 communities, and generated over 110,000 comments within its first three days.

Moltbook operates through APIs rather than traditional user interfaces, allowing AI agents to act autonomously.

Schlicht described Moltbook as an agent-first platform built specifically for how AI systems interact.

In 1999, Anyone Could Access Any Hotmail Account

REHAN — Tue, 03 Feb 2026 00:39:21 +0500

In August 1999, Hotmail experienced one of the most significant security lapses in internet history when a simple flaw in its login script exposed millions of accounts globally. The vulnerability, publicized by the group Hackers Unite, allowed anyone to bypass security and access any inbox by simply entering the password "eh." This shockingly easy exploit forced Microsoft to scramble for a patch while denying rumors of a deliberate backdoor within the system. Today, the incident remains a legendary cautionary tale for software developers, highlighting how a minor coding error can lead to a monumental cybersecurity disaster. It serves as a stark reminder of the critical importance of rigorous security auditing in the early days of

Via: Tech Viral

OpenAI launches GPT‑5.2-powered Prism

REHAN — Wed, 28 Jan 2026 21:13:54 +0500

Prism is an AI-powered research writing workspace built with GPT-5.2.

It puts the AI inside your document, so it understands your full text, equations, and references — not just chat messages. It helps you write, edit, format LaTeX, manage citations, and collaborate in real time.

In short:
Prism = Smart document editor + GPT-5.2 assistant for research and technical writing.

Earth’s balance is shifting…

REHAN — Mon, 26 Jan 2026 16:41:33 +0500

New research reveals the Northern Hemisphere is absorbing significantly more solar energy than the Southern Hemisphere, a shift that could reshape global weather patterns.

Since 2001, the Northern Hemisphere has been retaining approximately 0.34 watts more solar energy per square meter every decade compared to the South. This growing energy gap is driven by a combination of environmental changes that have fundamentally altered how our planet reflects sunlight. As snow and ice melt, they expose darker land and ocean surfaces that soak up heat rather than bouncing it back into space. At the same time, a decline in air pollution across the north has cleared the atmosphere of reflective aerosols, while rising water vapor levels further trap heat, creating a feedback loop of warming.

Perhaps the most startling discovery is that Earth’s natural cooling mechanisms are failing to keep pace. Scientists previously expected cloud cover to increase and offset this extra heat absorption, but recent data shows clouds are not stepping in to restore the balance. This discrepancy challenges existing climate models and suggests that the planet’s ability to self-regulate its energy may be more fragile than once thought. As this hemispheric divide widens, the resulting pressure could trigger significant shifts in rainfall patterns and storm tracks worldwide.

source: Proceedings of the National Academy of Sciences (2025). Emerging hemispheric asymmetry of Earth’s radiation. PNAS.

Reports Are Saying Earth Will “Lose Gravity”

REHAN — Sat, 24 Jan 2026 22:08:44 +0500

Scientists are debunking "Project Anchor," a viral hoax alleging that a NASA-predicted gravitational anomaly will cause global chaos in 2026.

A viral conspiracy theory dubbed "Project Anchor" is sweeping social media, claiming that Earth will lose its gravity for precisely seven seconds on August 12, 2026. The rumor, which has garnered hundreds of thousands of shares on TikTok and Instagram, alleges that a leaked NASA document predicts 40 to 60 million casualties as people float into the air and crash back down. Conveniently timed to coincide with a total solar eclipse, the hoax relies on manufactured panic and "AI slop" to generate clicks, despite having zero basis in physical reality.

Astrophysicists are urging the public to apply critical thinking, noting that gravity is not a switch that can be turned off. Because gravity is a direct result of mass, the only way for the planet to lose its gravitational pull would be for the Earth itself to disappear. Furthermore, the claim that intersecting gravitational waves could cause this "blip" is scientifically illiterate; these waves are so weak they require the world's most sensitive detectors to even notice them. While the 2026 eclipse will be a sight to behold, you can stay grounded knowing that physics doesn't take breaks.

source: Carpineti, A. (2026). Heard The Rumor Earth Will Lose Gravity For 7 Seconds On August 12, 2026? Here’s Why It’s Rubbish. IFLScience.

New messaging app that works without the internet

REHAN — Sat, 24 Jan 2026 15:34:07 +0500

Did you know Jack Dorsey, the co-founder of Twitter, has launched a new messaging app that works without the internet

Instead of using Wi-Fi, mobile data, or cell towers, the app uses Bluetooth to connect phones directly to each other. Messages hop from one device to the next, forming a local network. No internet. No signal. No central servers.

What makes it different?
🔒 End-to-end encrypted (messages stay private)
👤 No phone number, no email, no account needed
🌍 Works even when networks are down or restricted

Why this matters:
This kind of technology can be critical during natural disasters, power outages, emergencies, protests, or in places where internet access is limited or blocked. As long as nearby phones have Bluetooth on, messages can still move.

In a world that depends heavily on the internet, this is a reminder that real connection doesn’t always need infrastructure.

Technology built for communication—even when everything else is cut off.
#cybersecurity #lifestyle

Japan set a new Internet Speed record

REHAN — Sat, 24 Jan 2026 15:31:43 +0500

Researchers in Japan have achieved a breakthrough that could transform the future of global connectivity. By pushing fiber-optic technology to its limits, they managed to send data at speeds faster than anything previously recorded, opening the door to a new era of internet performance. What makes this achievement even more remarkable is that it builds on existing cable infrastructure, meaning worldwide networks could one day be upgraded without starting from scratch.

This leap in speed has profound implications. From enabling real-time VR and immersive metaverse experiences to powering scientific research that requires instant data transfer, the possibilities are endless. Financial markets, healthcare, and artificial intelligence could all operate with virtually zero delay. Japan’s milestone shows how the next generation of internet won’t just be faster — it could fundamentally reshape how we work, learn, and connect across the planet.

149M Logins from Roblox, TikTok, Netflix, Crypto

REHAN — Sat, 24 Jan 2026 15:18:25 +0500

149M Logins from Roblox, TikTok, Netflix, Crypto Wallets Found Online

149 million stolen usernames and passwords for TikTok, Disney+, Netflix, Roblox, and crypto wallets were found online without any security authentication. Learn about the latest massive data leak and how to secure your digital identity today.

A massive database containing over 149 million stolen usernames and passwords has been taken offline after sitting wide open on the internet for weeks. Cybersecurity researcher Jeremiah Fowler discovered the exposed cache, noting that the exposure “highlights the global threat” of data theft because it allowed anyone with a web browser to view and search the records. This research was published by ExpressVPN and shared with Hackread.com.