Cybersecurity Field Notes - Week of Mar. 1st, 2026

This week: Windows services, GCP deep dives, malware tinkering—and China-linked threats targeting Anthropic’s Claude and Notepad++’s update infrastructure.


This week’s Cybersecurity Field Notes covers what I’ve been learning, experimenting with, and paying attention to in the infosec community. Alongside my personal notes, I’ve included a short summary of notable cybersecurity events from the past week.


What I'm Learning

HTB Academy: Windows Fundamentals

Since falling ill, I've been struggling to finish this module. I've just started the section on managing Windows services. Like most computer nerds, I light up like a Christmas tree when cosplaying a system administrator. Having a firm grasp of service management is critical to maintaining that illusion while crawling through a Windows system.

HackTheBox's lab environment is just the right amount of gamified to keep me learning long after I should have gone to sleep.

Cloud: Google Cloud Platform

The last time I checked in, I was knee-deep in Azure territory. Since then, I've been in greener(?) pastures. No shade against Azure; I simply prefer Google's training platform. Google Cloud's impressive range of services, clear documentation, and relatively clean logging have put it at the top of my "to-learn" list.

I've enrolled in Google's "Cloud Engineer" learning path.

Just for fun: Malware Analysis

Malware analysis has been an on-and-off love affair for the past few years. I've since picked it back up and have been spending the odd evening analyzing samples in my lab. I've also been doing challenges on cyberdefenders.org.


Stories I'm Following

The word of the week is "China". Let's get into it.

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Anthropic says three Chinese AI firms—DeepSeek, Moonshot AI, and MiniMax—used about 24,000 fake accounts to send over 16 million prompts to its Claude model, extracting its advanced capabilities to train their own systems via “distillation”. Distillation is a training method that leverages the outputs of one model to train another. Anthropic claims this violates its terms and poses national security risks, as such copies lack built-in safety safeguards. It’s tightening defenses and urging broader industry and policy action against these large-scale extraction campaigns.

Link: https://thehackernews.com/2026/02/anthropic-says-chinese-ai-firms-used-16.html

Notepad++ Infrastructure Compromised

Suspected China state-backed hackers compromised Notepad++’s update infrastructure for six months, selectively delivering backdoored versions of the popular Windows editor to targeted users. The attackers exploited weaknesses in the app’s updater (GUP/WinGUP), intercepting update traffic and redirecting victims to malicious servers. The payload, dubbed Chrysalis, is described as a sophisticated, persistent backdoor enabling hands-on remote control. Although downloads were signed, earlier verification flaws allowed tampering. Notepad++ regained control of its infrastructure in December and strengthened update security. Researchers warn that trojanized installers and malicious extensions remain a risk.

Link: https://www.wired.com/story/notepad-plus-plus-china-hackers-update-infrastructure/

Technical analysis: https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
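The Notepad++ story turns on a single lesson: an update channel is only as safe as the checks the client performs before it runs what it downloaded. The Go program below is an added illustration of those checks, written for this post; it is not Notepad++ or WinGUP code (those are C++), and the manifest format, the Ed25519 key pair generated at runtime, and the sample payloads are all constructed for the demo. The client enforces three things in order: the update URL must be HTTPS, the manifest signature must verify under a pinned publisher key, and the payload's SHA-256 must match the signed manifest. The scenarios show why the hash has to be *inside* the signed data: a tampered binary fails the hash check, and editing the manifest's hash to cover the tampered binary breaks the signature instead.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
)

// Manifest is a hypothetical update descriptor (constructed for this demo).
// The publisher signs version, URL and payload hash together, so a valid
// signature cannot be reused to bless a different payload or download location.
type Manifest struct {
	Version   string
	URL       string
	SHA256    string // hex-encoded SHA-256 of the payload
	Signature []byte // Ed25519 signature over manifestBytes()
}

// manifestBytes is the canonical byte string that gets signed and verified.
func manifestBytes(m Manifest) []byte {
	return []byte(m.Version + "\n" + m.URL + "\n" + m.SHA256 + "\n")
}

// SignManifest stands in for the publisher's release pipeline (assumed, not a real product's code).
func SignManifest(priv ed25519.PrivateKey, m Manifest) Manifest {
	m.Signature = ed25519.Sign(priv, manifestBytes(m))
	return m
}

var (
	ErrInsecureURL  = errors.New("update URL is not https")
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("payload hash does not match signed manifest")
)

// VerifyUpdate runs the client-side checks an updater should pass before
// writing or executing anything it fetched. pub is the publisher key pinned
// inside the client, never something the update channel itself supplies.
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, payload []byte) error {
	u, err := url.Parse(m.URL)
	if err != nil || u.Scheme != "https" {
		return ErrInsecureURL
	}
	if !ed25519.Verify(pub, manifestBytes(m), m.Signature) {
		return ErrBadSignature
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrHashMismatch
	}
	return nil
}

// Scenarios exercises the verifier against a genuine update and three
// tampering cases, returning the outcome of each by name.
func Scenarios() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed key pair for the demo
	if err != nil {
		panic(err)
	}
	genuine := []byte("constructed: genuine installer bytes")
	tampered := []byte("constructed: installer with an implant")
	gSum := sha256.Sum256(genuine)

	good := SignManifest(priv, Manifest{Version: "1.2.3",
		URL: "https://updates.example.test/editor-1.2.3.exe", SHA256: hex.EncodeToString(gSum[:])})

	// Attacker swaps the binary but cannot touch the signed manifest.
	// Attacker edits the manifest hash to match the implant without the publisher's key.
	tSum := sha256.Sum256(tampered)
	forged := good
	forged.SHA256 = hex.EncodeToString(tSum[:])

	// Publisher mistakenly publishes a plain-HTTP URL: signature is valid, but the transport is rejected first.
	plain := SignManifest(priv, Manifest{Version: "1.2.3",
		URL: "http://updates.example.test/editor-1.2.3.exe", SHA256: hex.EncodeToString(gSum[:])})

	return map[string]error{
		"genuine":          VerifyUpdate(pub, good, genuine),
		"tampered_payload": VerifyUpdate(pub, good, tampered),
		"forged_manifest":  VerifyUpdate(pub, forged, tampered),
		"http_url":         VerifyUpdate(pub, plain, genuine),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-17s -> %v\n", name, err)
	}
}
```

Only the "genuine" scenario returns nil; the other three are rejected by the first check they fail. The ordering matters for defenders reading logs: a rejected transport or a bad signature on an otherwise well-formed manifest is exactly the kind of event that should page someone, because it means the update channel, not the user, is misbehaving.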


That's it for this edition of Cybersecurity Field Notes. If you enjoyed the article, please consider subscribing to my mailing list. I post write-ups, security analyses, and blogs about whatever I find interesting.