Hello and welcome to the Tuesday, February 3, 2026 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in incident response.

So today's episode will be a little bit AI heavy. Sorry for that, but we'll start with some simple scanning

for anthropic models. That's something that we detected over the weekend in our honeypots. Not how I'm

sure what they're going after, but I assume that they're looking for people who have installed

some at least anthropic-related models on their own system, then expose it. Maybe some system

also expose them via proxies. I've seen that. So

here they may take advantage of

any API keys or so that

are preloaded and in the proxy

that they can abuse. But

either way, the scans came

from a Tor exit node.

And if you're doing anything like this,

please just don't expose them to the internet.

A Notepad Plus Plus today did release an advisory stating that their update website had

been compromised at least since June 2025.

Now this became sort of news in December last year when people noticed that something is wrong

here with certain files being downloaded from the website.

According to this advisory now, it looks like there was a compromise of the hosting infrastructure,

so nothing that Notepad++ directly controlled.

...