Between April 9 and 10, 2026, the official website of software developer CPUID was compromised, resulting in the distribution of malware-infected versions of the widely used system monitoring tools CPU-Z and HWMonitor. The breach occurred due to a compromised API, which allowed attackers to inject malicious code into the installation files. Users who downloaded the software during this period received modified files containing a harmful DLL, enabling remote access to their systems by connecting to a command-and-control server. The malicious files were sometimes identified as HWiNFO_Monitor_Setup.exe, appearing with malware warnings and Russian language dialogs, suggesting a targeted, multilingual attack strategy. CPUID confirmed the security incident and stated that the vulnerability has been patched, and current downloads from the official site are now safe and unaltered. This incident highlights the importance of secure download channels and file integrity verification, especially for open-source or free software tools with large user bases. Given the widespread use of CPU-Z and HWMonitor in the technical and gaming communities, this breach poses a serious threat to digital security, even though the compromised files were limited to a brief window of time.