zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. jmole+12[view] [source] 2026-02-02 02:20:10
>>myster+(OP)
i always worry about tools like this, maintained by small teams, that are so universal that even if only a small fraction of installs are somehow co-opted by malicious actors, you have a wide open attack surface on most tech companies.

e.g. iTerm, Cyberduck, editors of all shades, various VSCode extensions, etc.

◧◩
2. josho+f2[view] [source] 2026-02-02 02:22:16
>>jmole+12
Similarly I worry about how these apps automatically update themselves. I know it can be done securely. I also doubt that these companies invest the engineering effort to do so.
[go to top]