**Another Week, Another Data Disaster: Substack, Coinbase, and a Malicious Notepad++ Update**
The past week has been marked by yet another series of data breaches and hacks, leaving users of popular platforms such as Substack and Coinbase scrambling to protect their sensitive information.
Substack, a newsletter platform used by millions of writers and publishers, suffered a breach in October 2025 that exposed phone numbers and email addresses. While the company claims to have resolved the issue and notified impacted users, it has not disclosed exactly how widespread the breach was or what kind of information was obtained. In a statement, Substack's CEO assured users that credit card, financial, and password data were not lost in the breach.
The Coinbase hack, on the other hand, was more complicated. A hacking group known as Scattered LAPSUS$ Hunters posted internal screenshots of sensitive information, including account balances and internal support tools, in a Telegram chat. The hackers claimed to have obtained this information by exploiting a contractor's access to obtain data about specific users.
Meanwhile, Notepad++, a popular utility for Windows that has been maintained by a single independent developer for years, was allegedly hijacked by state-sponsored hackers in China. The developers noticed suspicious activity late last year and confirmed this week that the hackers had targeted the domain the app uses for updates, redirecting users to a malicious version instead of the real one.
While the Notepad++ hack may have only affected a few people, it's a chilling reminder that even seemingly innocuous services can be exploited by attackers. And with more and more devices connected to the internet, the risks associated with these types of hacks will only continue to grow.
**Protecting Yourself from Hacks and Scams**
With data breaches and hacks on the rise, it's essential to take proactive steps to protect your sensitive information. Here are some tips to help you stay safe:
Turn off Face ID on your iPhone and enable Lockdown Mode: As a recent report highlighted, law enforcement can compel you to use biometrics to unlock your devices, but they cannot compel you to turn over passwords and passcodes if your devices are secured that way.
Be cautious of tax-related scams: With tax season in full swing, scammers are crawling out of the woodwork to get their hands on your refund or financial data. Be sure to use reputable tax prep software and keep an eye out for suspicious emails or calls claiming to be from the IRS.
Understand what VPN audits do: With so many VPN providers making bold claims about their security and privacy, it's essential to understand what a VPN audit is and why you should look for one before buying a subscription. A VPN audit evaluates security and privacy, not marketing claims, so it can help determine whether a VPN is lying when they say things like they "don't keep logs" or have "secure servers."
**Other Security Stories**
A recent report by Sygnia revealed a massive network of AI-powered websites run by scammers that are designed to look like professional law firms. These sites, which number over 150, use cloned domain names and unique security certificates to trick victims into reaching out for legal support.
Another study found that digital squatting is becoming a growing problem for brands worldwide. With over 6,200 domain complaints filed with the World Intellectual Property Organization (WIPO) in 2025, it's clear that this issue will only continue to grow unless addressed.
By understanding these security threats and taking proactive steps to protect yourself, you can stay ahead of the curve and keep your sensitive information safe.