#software-update-compromise

[ follow ]
#notepad #supply-chain-attack #state-sponsored #malware-distribution
Information security
fromTheregister
2 weeks ago

Notepad++ patches update chain after targeted compromise

State-sponsored attackers compromised Notepad++ update service in 2025, redirecting targeted users to malicious update manifests via a compromised hosting server and weak verification.
fromThe Hacker News
2 weeks ago

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

"The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org," developer Don Ho said. "The compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself." The exact mechanism through which this was realized is currently being investigated, Ho added.
Information security
[ Load more ]