zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. jmole+12 2026-02-02 02:20:10
>>myster+(OP)
I always worry about tools like this, maintained by small teams, that are so universal that even if only a small fraction of installs are somehow co-opted by malicious actors, you have a wide open attack surface on most tech companies.

e.g. iTerm, Cyberduck, editors of all shades, various VSCode extensions, etc.

2. hsbaua+Y2 2026-02-02 02:29:13
>>jmole+12
If you think large companies are somehow immune to this, you’re gonna have a bad time.

3. Araina+q3 2026-02-02 02:34:11
>>hsbaua+Y2
It's not a matter of "immune" - larger organizations generally have more resources to allocate to things like this. That doesn't mean they get it right 100% of the time, but they are at least able to try, while small teams or volunteer projects often simply don't have the hours to spend on things like this.

4. techni+we 2026-02-02 04:36:11
>>Araina+q3
I've sat in some pretty large orgs and my own experience was the "resources allocated" went to the PR team. I can assure you that they would have had a more boring, corporate-sounding announcement with multiple references to their legal team and the actions they would have taken, alongside some useless information about being PCI compliant or something. I'm not convinced the practical output is any better.