Weekly Zeitgeister: Notepad++ Turned Into Chinese State Backdoor
Plus: AI agent breaches, Oracle's $50B bet, PM hiring crisis, and Europe's ID mandate
About Weekly Zeitgeister
Weekly Zeitgeister is powered by Zeitgeister—my tech news tool that breaks down top stories into actionable insights for tech execs and ranks them based on your specific tech stack.
This Week’s Top Stories
01. OpenClaw’s Security Nightmare
02. Notepad++ Hijacked by Chinese State Actors
03. Oracle’s $50B AI Infrastructure Bet
04. Product Management’s Brutal Reality Check: 200+ Applications, Zero Offers
05. Spain Joins the “Coalition of the Digitally Willing”
OpenClaw’s Security Nightmare
General Consensus: 15% Positive | 25% Neutral | 60% Negative
What happened
OpenClaw, a new AI agent platform, went viral because it’s easy to install—non-technical users could set up AI agents on a Mac mini to read emails, manage calendars, and access bank accounts.
Security researchers compromised these agents in 5 minutes using prompt injection—they sent emails with hidden malicious instructions that tricked agents into stealing passwords and API keys.
The platform includes a social network called Moltbook where anyone could post content that agents would automatically read and execute—there was no way to verify whether instructions came from legitimate sources.
Why it matters
People gave AI agents access to sensitive accounts without understanding the risks: A malicious email can now steal your banking credentials.
There’s no way to verify who’s controlling an agent: The platform has no authentication, so attackers can run scripts that look exactly like legitimate AI agents.
Even “isolated” agents stay connected to your home network: Compromising one agent creates a path to attack everything else on your network.
Actionable Insights
Search your network for OpenClaw installations now: Look for port 18789 or unusual cloud bills—employees probably installed this without asking.
Require approval before any agent gets permissions: Treat AI agents like you’d treat a sketchy third-party app—minimal access only.
Test your defenses against prompt injection: Send fake malicious emails to your agents and see what happens before real attackers do.
Boardroom Talking Point
“Security researchers compromised OpenClaw agents via email prompt injection in 5 minutes, stealing banking credentials from non-technical users. We’re implementing permission frameworks and testing protocols before deploying any AI agents.”
Notepad++ Hijacked by Chinese State Actors
General Consensus: 15% Positive | 25% Neutral | 60% Negative
What happened
Notepad++ was compromised for six months (June-December 2024) through its update system—Chinese state actors hijacked the auto-update mechanism to install backdoors on specific targets.
Most users never knew because attackers were selective—when certain people clicked “check for updates,” they got malware instead of the real update.
The attack worked because the update system didn’t verify it was talking to the real Notepad++ servers—attackers could redirect update requests to their own servers.
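As an added illustration of the check the compromised mechanism lacked, here is a minimal update client in Go (example code written for this newsletter, not Notepad++'s own updater) that pins the publisher's Ed25519 public key and installs only a payload whose hash matches a manifest signed by that key. The keys, version strings and installer bytes are constructed for the demo; the point is that a redirected server can serve whatever it likes, but cannot produce a valid signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what an update server hands the client: the offered version, the
// expected SHA-256 of the installer, and the publisher's signature over both.
type Manifest struct {
	Version   string
	SHA256Hex string
	Signature []byte
}

// signedBytes is the exact byte string the publisher signs and the client verifies.
func signedBytes(version, shaHex string) []byte { return []byte(version + "|" + shaHex) }

// SignManifest runs at the publisher, which alone holds the private key.
func SignManifest(priv ed25519.PrivateKey, version string, installer []byte) Manifest {
	sum := sha256.Sum256(installer)
	shaHex := hex.EncodeToString(sum[:])
	return Manifest{Version: version, SHA256Hex: shaHex, Signature: ed25519.Sign(priv, signedBytes(version, shaHex))}
}

// VerifyUpdate runs at the client. pinned is the publisher key shipped inside the
// client itself, so a redirected or impersonated server cannot substitute its own.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, installer []byte) error {
	if !ed25519.Verify(pinned, signedBytes(m.Version, m.SHA256Hex), m.Signature) {
		return errors.New("manifest signature invalid: not signed by the pinned publisher key")
	}
	sum := sha256.Sum256(installer) // hash what was actually downloaded, not what was promised
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return errors.New("installer hash does not match the signed manifest")
	}
	return nil // only now may the installer be written to disk and executed
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo keypair
	installer := []byte("constructed sample installer bytes")
	m := SignManifest(priv, "2.0.0", installer)
	fmt.Println("genuine update:", VerifyUpdate(pub, m, installer))
	fmt.Println("swapped payload:", VerifyUpdate(pub, m, []byte("backdoored")))
	_, rogue, _ := ed25519.GenerateKey(nil) // an attacker's own key is not the pinned one
	fmt.Println("rogue signer:", VerifyUpdate(pub, SignManifest(rogue, "2.0.0", []byte("backdoored")), []byte("backdoored")))
}
```

Pinning the key in the client is what makes the TLS-redirect scenario fail closed; a real updater would add version and freshness checks so an old, validly signed manifest cannot be replayed.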
Why it matters
Installing the latest update now doesn’t remove malware from the compromise window: If you had Notepad++ between June-December 2024, you need forensic investigation, not just an update.
Selective targeting creates false confidence: Just because you weren’t specifically targeted doesn’t mean the vulnerability isn’t there.
Hundreds of dev tools have the same problem: VSCode extensions, terminal apps, and other single-maintainer tools can be hijacked the same way.
Actionable Insights
Check for signs of Chrysalis malware: Security researchers published detection tools you can run on all machines with Notepad++.
Audit auto-update permissions across all tools: Which applications can update themselves without verification? That’s your attack surface.
Move critical tools to managed package systems: Chocolatey and Winget verify updates are legitimate before installing them.
Document your supply chain breach procedures: When a trusted tool gets compromised, what’s your response? Write it down before it happens.
Boardroom Talking Point
“Notepad++ suffered a six-month supply chain attack that selectively delivered backdoors to targeted users. We’re auditing auto-update mechanisms and moving to package managers with cryptographic verification.”
Oracle’s $50B AI Infrastructure Bet
General Consensus: 35% Positive | 40% Neutral | 25% Negative
What happened
Oracle is raising $45-50 billion through combined debt and equity to build hyperscale AI infrastructure—one of the largest capital raises in enterprise tech history, specifically targeting cloud capacity for AI workloads.
The financing structure reveals uncertainty about returns—mixing debt and equity shows Oracle is hedging on when AI infrastructure actually generates revenue.
The contrast is stark: tens of billions into cutting-edge AI while core banking systems remain decades old—Oracle’s own business systems that process transactions are still running on architecture from the 1980s.
Why it matters
Infrastructure costs will stay elevated for 24-36 months: AI workloads need specialized hardware—don’t expect costs to drop quickly.
Capacity will become scarce: Companies that delay infrastructure decisions may not get compute resources when they actually need them.
Hyperscale competition creates negotiating leverage: Oracle’s massive investment means you can pit them against AWS/Azure/GCP for better contract terms.
Technical debt blocks AI adoption: Pouring money into AI capabilities while core systems remain outdated creates impossible integration challenges.
Actionable Insights
Map your cloud provider’s AI infrastructure roadmap: Understand what they’re building and whether your contracts guarantee access.
Build financial models assuming extended high costs: Plan for AI infrastructure remaining expensive for 24-36 months, not dropping quickly.
Identify where legacy systems block AI initiatives: Find the bottlenecks where old architecture makes AI integration impossible—fix those first.
Use Oracle’s buildout as negotiating leverage: Their entry into hyperscale AI creates competition—use it to get better pricing from existing providers.
Boardroom Talking Point
“Oracle is raising $50 billion for AI infrastructure while their core banking systems remain decades old—highlighting the risk of chasing AI innovation when foundational systems create bottlenecks.”
Product Management’s Brutal Reality Check: 200+ Applications, Zero Offers
General Consensus: 20% Positive | 30% Neutral | 50% Negative
What happened
Product managers are sending 200+ applications with almost zero success—even though companies are posting more PM jobs than they have since 2024, candidates report unprecedented rejection rates.
The role is splitting in two: technical builders who code with AI, and strategic thinkers who understand markets—the middle ground of “backlog managers” is disappearing.
Companies don’t trust PMs anymore: Publicis Sapient rejected candidates for taking notes during interviews because they suspected AI was helping them—a sign of how much the role’s value is now questioned.
Why it matters
If your good PMs leave, even 8+ years of experience won’t guarantee they find comparable roles.
You can’t hire entry-level talent anymore: Associate PM roles now require 3+ years of experience—there’s no way for new people to enter.
Companies are questioning PMs’ value but not giving them better tools: The real problem isn’t that PMs can’t add value—it’s that they don’t have the authority or tools to predict what features will make money.
Actionable Insights
Audit which PMs create value and how: Identify who delivers unique market insights versus who just manages process—resource accordingly.
Set clear technical expectations: Do PMs need to code, understand architecture, or just collaborate effectively with AI-augmented engineering? Decide now.
Test candidates on building, not frameworks: Evaluate whether they can actually build products, not whether they can recite stakeholder management theory.
Split the career track explicitly: Recognize that technical PMs and strategic PMs are different roles with different compensation and success metrics.
Boardroom Talking Point
“Product managers are reporting 200+ applications with near-zero offers as AI automates traditional responsibilities. The role is splitting into technical builders and strategic visionaries—we need to redefine expectations before losing critical talent.”
Spain Joins the “Coalition of the Digitally Willing”
General Consensus: 15% Positive | 15% Neutral | 70% Negative
What happened
Spain joined five other European countries banning social media for anyone under 16—they’re calling it the “Coalition of the Digitally Willing” and coordinating enforcement across borders.
To check if someone is under 16, platforms have to check everyone’s age—that means collecting government IDs from all users, not just kids.
France already announced VPNs are “next on the list” for blocking—Australia started implementing first as the test case, showing governments are serious about enforcement.
Why it matters
Anonymous internet access ends in these countries: If you can’t prove your age with government ID, you can’t access social platforms.
Global platforms may need separate versions for different regions: Incompatible privacy rules mean you might need different instances of your product.
Users will leave rather than upload their passport: Expect significant drop-off when ID requirements hit—community opposition is overwhelming.
Actionable Insights
Start planning for mandatory ID collection: This regulation is spreading—research age verification vendors and costs now.
Watch Australia’s implementation: They’re going first, so their technical problems will preview what’s coming everywhere else.
Decide early whether to comply or exit: Some platforms will collect passports, others will leave these countries entirely—make that choice before you’re forced to.
Boardroom Talking Point
“Spain joined five countries requiring government ID to access social media, claiming it’s about protecting kids under 16. But you can’t check ages without checking everyone—and France already said VPNs are next.”
There you have it: five days, five headlines - each with a breakdown of what happened, why it matters for tech leaders, what to do next, and what to say to show stakeholders you’re aware and prepared for the future.
Back with another Weekly Zeitgeister next week.
Enjoy your weekend!
Bobby
P.S. If you’d rather see trends personalized to you - mapped, explained, and ranked to your domains, your vendors, and your board conversations - do give Zeitgeister a try.
It’s free, and you’ll get:
🧠 Agnostic trend feed across Reddit, HN, news, and more
📊 Synthesized briefings with context, risks, and opportunities
🗣️ Stakeholder-ready talking points for CEOs, boards, and PE partners
⏱️ Saves you a couple of hours a week on “what’s going on and why do I care?”