DomainTools Investigations’ March 2026 update shines a spotlight on two major threat themes: the weaponisation of trust in supply chains and high-velocity fraud. In a Hot off the Presses piece, DTI researchers detail the Lotus Blossom (G0030) operation, which compromised the Notepad++ update pipeline from late 2025 into early 2026 by infiltrating upstream distribution and redirecting updates to deliver low-noise implants to a small group of targets, with attribution to a China-aligned espionage actor.
The report underscores how attackers subverted a legitimate developer supply chain to gain high-value access while most users continued receiving legitimate updates. A Security Snack on Idolized Crypto Scams describes a scam operation spanning roughly 250 domains and targeting multiple blockchains, using impersonation, counterfeit presales and cross-chain laundering in a globally distributed infrastructure.
On-chain findings point to a single actor behind both campaigns, suggesting a consolidated, sophisticated infrastructure feeding fraud across BTC, ETH and XRP. The newsletter also notes forthcoming appearances by the team at regional conferences and ongoing research into related cyber threats.